Insights on Cybersecurity Engineering, Governance & Leadership

____

USGov RMF Series: USGov Cybersecurity Regulatory Landscape (FISMA Compliance)

The US Government (USGov) Cybersecurity Risk Management landscape can be very challenging to navigate. Government agencies and their service providers are often overwhelmed by the vast amount of information and resources required to satisfy USGov cybersecurity requirements. Because these requirements are law- and policy-driven, implementers such as software engineers find them even more challenging to follow, due to the lack of processes that translate laws and policies into actionable tasks. These tasks are essential for engineers and developers to design, implement, and configure US government systems and software.

NIST SP 800-53 Rev 4 vs. Rev 5

In the world of cybersecurity, compliance and risk management frameworks are essential for safeguarding systems and data. Among the most prominent of these frameworks is NIST SP 800-53, which provides a comprehensive set of security and privacy controls for federal information systems and organizations. As technology and the threat landscape evolve, so too must the frameworks that protect our digital infrastructure. This post will explore the key differences between two of NIST’s most important revisions: NIST SP 800-53 Revision 4 and NIST SP 800-53 Revision 5.

The Need to Engineer Cybersecurity GRC for Seamless SDLC Integration

In today’s fast-paced digital economy, cybersecurity governance and compliance frameworks play a critical role in maintaining the integrity and security of organizational assets. However, translating governance policies into developer-friendly guidelines, especially as part of the Software Development Life Cycle (SDLC), remains a significant challenge for many organizations. Bridging the gap between high-level compliance frameworks and actionable, developer-centric practices is key to ensuring secure code, reducing risks, and achieving seamless integration of cybersecurity measures throughout the development process.

The Need for a Cybersecurity Agency in Nigeria

This post first appeared as an Op-Ed in the Daily Trust newspaper, published on June 21st, 2017. You can read the paper here. The new buzz statement is, “Data is the new oil.” In this digital era, data is what oil was in the 19th century. Everyone is talking about how data is going to be the new resource economies are going to be built upon. Whether that is true or not, there is no doubt that data is valuable.

Cybersecurity in Nigeria

I just learned that Windows XP is still in use in Nigeria and that Federal employees can format hard drives and replace the licensed OS with pirated copies. Microsoft stopped supporting Windows XP on April 8th, 2014, meaning there will be no more security updates or technical support. The Nigerian Government needs to learn from what is going on around the world. Imagine if the #WannaCry attack that happened yesterday had been targeted at Nigeria.