2. Business Initiated Vulnerabilities

How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?


Showing 3 ideas for tag "management"

2. Business Initiated Vulnerabilities

Supported ITAPS recommendations

(Paragraphs preceded by [Non-ITAPS] are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force)

How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?

[Non-ITAPS]...

Voting

1 vote
Public Input

2. Business Initiated Vulnerabilities

Create Gov Wide "Security Maven" Program for Gov IT Developers

Walmart achieved a 92% reduction in security defects by creating a "Security Maven" role to drive security best practices into their software development teams that greatly outnumbered their security teams.

IT security in government is typically organized as a silo focused on protecting production systems. A government-wide security maven program would help tear down the existing "expertise" and "contractual" barriers...

Voting

4 votes
Public Input

2. Business Initiated Vulnerabilities

New Risk Management Approach (SuperSIG)

Need a risk-based approach using quantifiable risk measures in Tech-Stat-like sessions so that mission/business requests involving business process changes or introduction of new products/apps would be properly vetted, using “what-if” scenarios that provide more reality around probabilities and impacts resulting from potential vulnerabilities.

Voting

2 votes
Public Input