The cyber world is becoming increasingly complex as new technologies, policies and expectations come into play. Artificial intelligence (AI) is making inroads into applications, network management, and more, while identity management and zero trust architectures are altering the threat landscape. Agencies are embracing the many varied cloud deployments, such as multi-cloud, hybrid, private, etc. All new technologies introduce new elements of r...

Inserting new technology into the U.S. healthcare system has the potential to remake every facet – from personalized medicine to disease surveillance and response, fraud detection to operational efficiencies. It is a challenging process; legacy technologies that never were designed to be integrated into the larger system, data silos, compliance requirements such as HIPAA, and cybersecurity risks all need to be addressed and modernized. U...

Building a cybersecurity-compliance framework is about more than simply purchasing services from a GovRAMP-certified provider. For instance, GovRAMP itself states that “using an infrastructure with a GovRAMP Authorized status does not automatically make the service provider’s system GovRAMP compliant. Each layer (e.g. IaaS, PaaS, and SaaS) must be evaluated on its own for the provider to obtain a GovRAMP Authorized status.” L...

GovRAMP is all about cybersecurity – built on the National Institute of Standards and Technology’s (NIST) Special Publication 800-53 Rev. 4 framework, based on and similar to FedRAMP, it works on a “complete once, use many” model intended to save both time and money for state governments and CSPs alike. Learning Objectives: Review the elements of cybersecurity addressed by the NIST standard and how they are incorporated...

One consideration for state CIOs is whether to maintain a multi-cloud environment. Having more than one cloud provides the opportunity for state agencies to pick and choose among the different providers for the best fit to meet their needs – but running multiple clouds can be expensive and technically challenging to manage. Learning Objectives: Identify the various criteria that define the differences between CSPs and how agencies can ap...

Cybersecurity has evolved from an afterthought to a fundamental component of modern IT systems. The rise of workflow automation and the rapid expansion of artificial intelligence (AI) applications have significantly enhanced the power, reach, and effectiveness of cybersecurity measures particularly in breach detection and incident response speed. Security Operations Centers (SOCs) play a critical role in safeguarding organizations, serving as...

As cyber threats grow more sophisticated, agencies must move beyond static defenses to intelligence-driven security. And while AI and machine learning (ML) enhance efficiency by detecting anomalies, forecasting risks, and accelerating response, agencies still need to address concerns about verification of alert evidence and suggested response actions. AI-powered security integrates with existing tools like Security Information and Event Manage...

The federal government is well aware of the dangers of cyber attacks. In December 2024, Chinese hackers penetrated a Treasury Department vendor and accessed more than 3,000 unclassified files related to high-ranking officials. Just a month earlier, researchers had discovered Salt Typhoon, a Chinese attack breaching eight U.S. telecom providers; the attack began as much as two years ago and still infects the companies’ networks. These and...

The federal government is well aware of the dangers of cyber attacks. In December 2024, Chinese hackers penetrated a Treasury Department vendor and accessed more than 3,000 unclassified files related to high-ranking officials. Just a month earlier, researchers had discovered Salt Typhoon, a Chinese attack breaching eight U.S. telecom providers; the attack began as much as two years ago and still infects the companies’ networks. These and...