IT security in government is typically organized as a silo focused on protecting production systems. A government-wide security maven program would help tear down the existing "expertise" and "contractual" barriers...
Need a risk-based approach using quantifiable risk measures in Tech-Stat-like sessions so that mission/business requests involving business process changes or introduction of new products/apps would be properly vetted, using “what-if” scenarios that provide more reality around probabilities and impacts resulting from potential vulnerabilities.
How can agencies sharpen focus on vulnerabilities created by (or exposed by) uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
[Non-ITAPS]...
2) How can agencies sharpen focus on vulnerabilities created (or exposed) by uninformed business/program users and the array of technology solutions embedded in service delivery that does not account for cyber?
Give a plus in evaluations of companies for primes that incentivize partners to address business-led security.
Build security into the front end of development activities so that tailored standards could be used to address appropriate risk factors in test/dev settings – create DMZ for developers, who build knowing security policies in advance.
1. Approach cybersecurity the same way government now approaches Section 508 compliance – embed it from the start through the finish.
2. Make available a real, visualized threat dashboard to business process owners to educate them on the scope of threat in today’s environment.