Engage agency executives to be proactively demanding requirements/expectations/priorities from cyber shops
Use FITARA governance requirements to get cyber risks built into program and budgeting evaluations up front, not afterwards
Build security into the front end of development activities so that tailored standards could be used to address appropriate risk factors in test/dev settings – create DMZ for developers, who build knowing security policies in advance
With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices... more »
How can we sustain executive-level attention to this critical issue, and institutionalize cyber as an on-going component of agency risk management practices, not just... more »
All incidents, exercises, and general activities offer opportunities to learn and improve planning.... more »
How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
[Non-ITAPS]... more »