Use certifications similar to FedRAMP (standard baseline assessment) for all IT acquisitions, not just for cloud.
This is the difference between thinking tactically and thinking strategically. If you are thinking tactically, your to-do list is endless. There is always one more control to install, one more security practice to implement. There is no way to prioritize the workload or to measure your improvement. Security practitioners sprint from task to task putting out fires, never taking the time to build a program that can absorb...
(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) With the continued and growing dependence of the government on commercially provided IT services, what changes are needed to government acquisition policies and practices...
(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) How can government tackle the cybersecurity talent search in a way that strengthens skills, experience, and knowledge both within government CISO/CIO and partner organizations...
Finance and Procurement: Organizational procurement programs should have clearly defined and communicated priorities, accompanied by clear direction to procurement agents on the procedures to acquire technology consistent with those priorities, resulting in a consistent, predictable, and agile acquisition approach that will result in more secure technology deployments. For example, the Director of the Office of Management...
There is a rapid increase in cyber insurance across the commercial landscape. This is getting the C-level attention because the risk and costs are being codified into actual numbers, not just fear of something bad happening. The Federal Government should leverage off this trend and require all Government contractors to have a level of insurance, which will likewise drive a level of accountability and measurement. This...