People and Organizations:
Make information security a core part of organizational culture, ensuring greater awareness and better computing practices. For example, information security training should be mandatory for all government employees and contractors, and information security performance should be an item in performance reviews.
Optimize enterprise and workforce planning to leverage consolidation in security talent, achieving cost savings and security benefits. For example, certain functions that are not inherently governmental can be outsourced (e.g., data centers shifted to vendor-managed cloud environments) as appropriate and in accordance with the pre-defined security parameters.
Identify the unique aspects of the operational environment as a marketing tool to improve workforce hiring and retention. For example, for recruitment and retention, the government should tout that it is a highly attacked network posing unique security challenges, and the Department of Homeland Security (DHS) should leverage the special pay incentives provided by recent legislation. Other agencies should work to identify and use similar hiring and pay incentives or exceptions.