Showing 18 ideas for tag "responsibilty"
kudos icon +

1. Addressing Cyber Fundamentals

Cybersecurity is everyone’s responsibility

Although the OPM breach has been the major source of cybersecurity discussion the past few months, it is certainly not the only issue that needs to be addressed. During the panel discussion at the NACo Summit we also covered topics like the White House Cybersecurity Sprint and how to better protect systems and data for long-term security.
If you are not familiar with the 30-day White House Cybersecurity sprint, it is... more »

Voting

6 votes
Public Input
kudos icon +

4.Adopting a Threat-Aware Proactive Defense

A Proposed Strategy for the Cyber Defense of U.S. Critical Infra

Today, America is in constant contact with the enemy - and the form of conflict has changed. The expansion of the Internet globally is being accompanied by an explosion of cyber threats. Nation-state adversaries, terrorists, and criminals exploit our weakly secured technology. The United States is principally reliant on its technology for a competitive advantage across the globe. Now, thanks to the Internet and cyberspace,... more »

Voting

3 votes
Public Input
kudos icon +

5. Sharing of Threat Intelligence

"Skin in the Game”

A multifaceted approach of building trust, having “skin in the game” (“AntiFragile” - Taleb), incentives and penalties for both industry and government. It has to be made in the best interest of both “parties” to share threat intelligence. This coupled with a multifaceted approach of incentives, disincentives, non attribution, etc. Then you increase the probability that sharing will occur. The incentives for government... more »

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 4

Finance and Procurement:

Organizational procurement programs should have clearly defined and communicated priorities, accompanied by clear direction to procurement agents on the procedures to acquire technology consistent with those priorities, resulting in a consistent, predictable, and agile acquisition approach that will result in more secure technology deployments. For example, the Director of the Office of Management... more »

Voting

2 votes
Public Input
kudos icon +

2. Business Initiated Vulnerabilities

Supported ITAPS recommendations

(Paragraphs preceded by [Non-ITAPS] are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?

[Non-ITAPS]... more »

Voting

1 vote
Public Input
kudos icon +

3. Breach-to-Response Acceleration

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can agencies effectively address current time lags with detection of and response to vulnerabilities and threats that will significantly compress breach-to-detection-to-response... more »

Voting

1 vote
Public Input
kudos icon +

3. Breach-to-Response Acceleration

Supported ITAPS recommendations, part 2

Consistent with the concept that security is the responsibility of all employees, all agency employees should be educated and trained on general incident response planning concepts and any related responsibilities, including how to notify response organizations, the information to report, and other relevant activities.

All incidents, exercises, and general activities offer opportunities to learn and improve planning.... more »

Voting

2 votes
Public Input
kudos icon +

4.Adopting a Threat-Aware Proactive Defense

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How should the government expand beyond its emphasis on perimeter defense and even defense-in-depth, and instead put more relative resources toward combining actionable... more »

Voting

2 votes
Public Input
kudos icon +

7. Executive Leadership-led Risk Management

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just... more »

Voting

1 vote
Public Input
kudos icon +

7. Executive Leadership-led Risk Management

Supported ITAPS recommendations, part 2

Provide for the escalation of risk-based decisions through senior leadership if critical security recommendations are rejected by owners of business lines or applications, ensuring critical security decisions are not made in isolation. For example, decisions to keep critical systems available while overriding security recommendations should no longer be routinely deferred exclusively to network, system, or application... more »

Voting

2 votes
Public Input
kudos icon +

8. Building Effective Security into Acquisitions

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices... more »

Voting

1 vote
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

We know what's wrong, but do we know what to fix?

Leadership is on the right track when it asks why people and organizations don't do what they're supposed to do. Lessons observed (what we know) aren't converted enough into lessons learned (what we do) to prevent familiar security lapses.

This is true of ALL organizations, not just government, and always boils down to one thing: Behavior. Doing the right thing the right way, or not, is about behavior whether you're... more »

Voting

2 votes
Public Input
kudos icon +

5. Sharing of Threat Intelligence

Silos cripple information sharing--Mandate sharing

Threat data sharing or cybersecurity-related information sharing is essential to the protection of the federal government, other critical infrastructure sectors, and to furthering cybersecurity for the Nation. The government needs to set the global standard on establishing an environment that facilitates threat data information sharing, it still operates in silos. Action must be taken to arm stakeholders with needed information... more »

Voting

1 vote
Public Input
kudos icon +

7. Executive Leadership-led Risk Management

NEWS FLASH America--CEOs & Sr Ldrs get FIRED over breaches

As enterprises strive to gain value by leveraging technology, the risk associated with digital business is increasing. Isolated approaches to information security, business continuity and incident response are a thing of the past; today, the urgency of providing continuously available services for customers and business partners in the digital economy requires enterprises to become resilient. A resilient enterprise protects... more »

Voting

2 votes
Public Input