Policy & Procurement

Government policy and regulation regarding the procurement and use of cloud computing technologies is still in its nascent stages. This portion of the SafeGov.org site focuses on current policy and procurement issues related to cloud adoption in the public sector, including analyses of Federal, state, and local issues, developments in higher education, and related laws, regulations, and directives.

Measuring what never happened

Amber Corrin, FCW, Thursday, May 16, 2013

It's hard to measure the impact of something that never happened. But that is exactly what federal agencies and private companies must do in risk management, and in determining the return on investment in IT security.

EU data law changes offer opportunities for Asia's datacenter markets

Kevin Kwang, ZDNet, Tuesday, May 07, 2013

Destinations such as Singapore, Malaysia or Hong Kong need to seize the opportunity of being deemed an acceptable data transfer partner with the European Union in order to get ahead of the competition.

Cloud Computing and Government

by Jeff Gould, Peerstone Research
Tuesday, April 30, 2013

This video produced by EletsTV was filmed at a "Cloud Computing and Government" symposium held in New Delhi, India on April 30th. This video features SafeGov's Jeff Gould speaking about the challenges of implementing cloud computing solutions for public sector customers in international markets.

Can Europe’s Data Protection Authorities Force a Change in Google’s Business Model?

by Jeff Gould, Peerstone Research
Wednesday, April 03, 2013

Europe’s Data Protection Authorities have made a bold new move in their long-running fight to compel changes in Google’s controversial privacy policy. After repeated warnings that the policy violates the rights of European users and persistent indifference from Google, six of the 27 members of the EU’s Article 29 Working Party of national Data Protection Authorities – including France, Germany, the UK, Italy, the Netherlands, and Spain – have decided to pursue enforcement measures against Google under their respective national laws. At stake is Google’s ability to continue deploying in Europe its business model of offering free or low-cost online services in exchange for users’ personal information. However, the biggest impact of the DPAs’ move may come not in the consumer market, but in the lesser-known market for online services used by organizations such as governments and schools.

Government Risk Management Lags behind Vendor Practices

by Julie Anderson, Civitas Group
Monday, April 01, 2013

Current US law and government IT policy take a limited view of the potential conflicts between existing government information privacy and security standards and actual vendor data collection practices. As a result, procurement requirements lack appropriate risk-management and enforcement mechanisms. Given the proliferation of data collection practices in Internet services companies, government IT leaders should more directly define the parameters of government data ownership in government IT policy and procurement guidance. Government should also better educate employees and govern the use of Internet-based services on government-owned systems.

Report prescribes pathway for FISMA reform, no legislation necessary

by Julie Anderson, Civitas Group
Wednesday, March 27, 2013

In federal information technology circles, it's become a truism that agencies spend way too much time and effort doing paperwork in pursuit of cybersecurity and not nearly enough on constantly keeping watch over systems and implementing best practices in real-time to make sure those systems are actually better secured than they were the day before. A new report offers a roadmap that purports to offer ways to implement measures that measure cybersecurity outcomes rather than just processes, while recognizing that no two agencies have the exact same risk profile.

Risk assessment and automated monitoring are keys to federal cybersecurity, report says

Ryan McDermott, FierceGovernmentIT, Wednesday, March 27, 2013

Agencies must establish a unique baseline threat assessment and automate monitoring to ensure good cybersecurity, says a SafeGov report (.pdf) released Tuesday.

How agencies can improve cybersecurity -- without waiting for Congress

Amber Corrin, Federal Computer Week, Wednesday, March 27, 2013

White House efforts to better protect the networks of government agencies and critical infrastructure operators have been described as a down payment on federal cybersecurity, but with fast-moving threats and continued intrusions, officials are looking for ways to get more secure more quickly.

Former federal IT execs call for cybersecurity changes

Nicole Blake Johnson, Federal Times, Wednesday, March 27, 2013

A group of former federal information technology executives are calling on the administration to change the way it assesses the cybersecurity of federal networks.

Will FedRAMP Become Mainstream in 2013?

by Doug Miller, Milltech Consulting
Wednesday, January 16, 2013

If 2012 was the year for finalizing FedRAMP as a streamlined security program for government cloud computing, 2013 may be the year where the work pays off and vendors start announcing certified FedRAMP cloud computing solutions. But even as vendors get their solutions FedRAMP certified, does FedRAMP really address all the potential concerns an agency might have for implementing a robust cloud computing solution?