1. Addressing Cyber Fundamentals

How do we move from inconsistent security/privacy protection control approaches to solid fundamentals that address most basic risks faced by agencies?

Endorse existing ideas by voting for them. YOU MUST BE LOGGED ON TO VOTE.

Showing 5 ideas for tag "accountability"
kudos icon +

1. Addressing Cyber Fundamentals

Supported ITAPS recommendations, part 2

Governance and Accountability:

Establish an outcome-focused Governance Framework that covers all aspects of the enterprise, resulting in effective direction-setting, decision-making, oversight, transparency, and accountability. For example, fully execute and enforce the Federal Information Security Management Act (FISMA) as contemplated in the authorizing legislation and seek legislative reform where necessary.

Escalate... more »

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Fundamentals of Security and Privacy start w/Risk Mitigation

Security/Privacy Protection Controls consistency is critical to mitigating organizational risk. Risk mitigation begins at the highest level of an organization. It is a combination of three key things—governance, accountability, and culture. Implementing an organizational governance process will bring myriad benefits, including lower costs, greater control, and overall increased efficiency and effectiveness. A benchmarked... more »

Voting

3 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Security Self Audit Checklist (SuperSIG)

Create a self-audit checklist that agencies could use on a regular basis to assess themselves on fundamental security capabilities. It would be risk profile based for each agency. Addresses the problem of just having this done by auditors (GAO/IG) or consultants. Keeps attention and resource needed to close weaknesses and vulnerabilities.

Note: FCC is example.

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Budget Alignment and Accountability

Adding additional cyber requirements from the OMB / DHS without allocating funds implies that existing funds have to be spread ever thinner , or monies have to be diverted from the Department Agency mission.

Perhaps an alternative is providing prioritization for allocation of existing funds (This mandate is #1, then this exec order etc etc).

With the "public" availability of such a list, audit should become more effective,... more »

Voting

2 votes
Public Input
kudos icon +

1. Addressing Cyber Fundamentals

Hold agencies accountable to NIST Cybersecurity Framework

The NIST Cybersecurity Framework (CSF) did a great job describing what is needed to have a good cyber security posture, but it leaves you hanging on how do you do it; what are good practices; how do you measure it? To help assess the operational cyber defense posture of Department of Defense (DoD) systems, Office of Secretary of Defense (OSD), Director Operational Test and Evaluation (DOT&E) developed metrics using the... more »

Voting

2 votes
Public Input