Engage agency executives to proactively demand requirements, expectations, and priorities from cyber shops
Use FITARA governance requirements to get cyber risks built into program and budgeting evaluations up front, not afterwards
Cement the relationship between CISOs and RMOs and CDOs, rather than only an exclusive reporting relationship to CIOs
Use Cyber Investment Management Boards (DOD example) where cyber projects are presented, defended, and measured against outcome-based performance measures for funding. This helps establish cybersecurity accountability as a shared responsibility across the organization's senior leadership and helps leaders understand costs and risk benefits.
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices...
How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just...