To protect mobile devices from cyber threats, organizations must implement and integrate three disparate technologies: enterprise mobility management, mobile application vetting and mobile threat defense, according to a soon-to-be-released white paper from the Cybersecurity and Infrastructure Security Agency.
Branko Bokan, an official from CISA’s cybersecurity division, offered insights into the paper’s methodology and threat-based approach to cyber practices in Washington Tuesday.
Bokan started his deep-dive into the agency’s findings with a question he said he likes to frequently pose: “How do you make a decision on where to spend your next cyber dollar?”
The cybersecurity official explained that people from agencies and industry alike frequently answer by saying they implement whatever their vendors, inspectors general, or risk management teams tell them to—and they often talk about managing these risks without identifying what the real risks are.
To address the issue and boost defense, CISA recently developed and employed a new methodology known as “.govCAR” or Cybersecurity Architecture Review of the .gov domain.
Based on an approach originally…
