7. Executive Leadership-led Risk Management

NEWS FLASH America--CEOs & Sr Ldrs get FIRED over breaches

As enterprises strive to gain value by leveraging technology, the risk associated with digital business is increasing. Isolated approaches to information security, business continuity and incident response are a thing of the past; today, the urgency of providing continuously available services for customers and business partners in the digital economy requires enterprises to become resilient. A resilient enterprise protects... more »

Voting

2 votes
Public Input

6. Solving the Talent Search

Change the paradigm-Invest in Cybersecurity Workforce Dev

Reports and articles keep surfacing on the issue of lacking cybersecurity talent in the federal government. Since 2010, little improvement has been seen regarding increased knowledge, skills, and abilities among the federal cybersecurity workforce. (Williams, 2015b).This can be attributed large to leadership failures across the agencies. Cybersecurity experts in the trenches, industrial organizational psychologists, and... more »

Voting

3 votes
Public Input

5. Sharing of Threat Intelligence

Silos cripple information sharing--Mandate sharing

Threat data sharing or cybersecurity-related information sharing is essential to the protection of the federal government, other critical infrastructure sectors, and to furthering cybersecurity for the Nation. The government needs to set the global standard on establishing an environment that facilitates threat data information sharing, it still operates in silos. Action must be taken to arm stakeholders with needed information... more »

Voting

1 vote
Public Input

4.Adopting a Threat-Aware Proactive Defense

Start with the Crown Jewels & Stop Spreading Peanut Butter

Currently, the government is still focused on perimeter defense will only a shallow defense-in-depth strategy. The problem centers on an enterprise architecture that is designed to usually protect the entire network at the same level, thus peanut butter spreading network defense resources. Agencies fail built a network defense strategy that focus on protecting their crown jewels, vulnerability reduction, and adversary... more »

Voting

2 votes
Public Input

1. Addressing Cyber Fundamentals

We know what's wrong, but do we know what to fix?

Leadership is on the right track when it asks why people and organizations don't do what they're supposed to do. Lessons observed (what we know) aren't converted enough into lessons learned (what we do) to prevent familiar security lapses. This is true of ALL organizations, not just government, and always boils down to one thing: Behavior. Doing the right thing the right way, or not, is about behavior whether you're... more »

Voting

2 votes
Public Input