DHS preps AWARE risk management tool for launch — GCN

0
443
Evaluating cybersecurity risk

DHS preps AWARE risk management tool for launch

Over the next two years, the Department of Homeland Security’s Continuous Diagnostics and Mitigation program will focus on deploying its new risk scoring algorithm to help agencies prioritize mitigation activities and improve their basic cybersecurity hygiene.

The Agency-Wide Adaptive Risk Enumeration algorithm will have a “soft rollout” in October, according to CDM Program Manager Kevin Cox.  Speaking at a March 27 technology conference hosted by the Advanced Technology Academic Research Center, Cox described how AWARE will start with tracking basic agency metrics like vulnerability management, patching and configuration.

There’s little point focusing on higher level attack vectors when “the front door is wide open” because agencies are still skimping on the fundamentals, he said. Adversaries go after “the easier targets to be able to get a foothold and then expand out and move laterally across the network.”

Further down the line, Cox said, DHS wants AWARE to assess risk down to the individual system level.

Read More…