1. Approach cybersecurity the same way government now approaches Section 508 compliance – embed it from the start through the finish.
2. Make available a real, visualized threat dashboard to business process owners to educate them on the scope of threat in today’s environment.
Build security into the front end of development activities so that tailored standards could be used to address appropriate risk factors in test/dev settings – create DMZ for developers, who build knowing security policies in advance.
Give a plus in evaluations of companies for primes that incentivize partners to address business-led security.
Need a risk-based approach using quantifiable risk measures in Tech-Stat-like sessions so that mission/business requests involving business process changes or introduction of new products/apps would be properly vetted, using “what-if” scenarios that provide more reality around probabilities and impacts resulting from potential vulnerabilities.
2) How can agencies sharpen focus on vulnerabilities created (or exposed) by uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
IT security in government is typically organized as a silo focused on protecting production systems. A government-wide security maven program would help tear down the existing "expertise" and "contractual" barriers...
How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
[Non-ITAPS]...