From: FCW
By Dave McClure, Thomas Romeo
At their core, virtually all government agencies are process-driven, and this is especially true in direct citizen- and business-facing agencies. Systems and software that are driven by business processes are increasingly being implemented on top of service-oriented or cloud-based infrastructures, and they are becoming intertwined with security and privacy compliance.
Too often in government, business and security risk assessments are conducted as formalities and in a rather disjointed fashion. Information security/technology teams usually do not know the business processes and therefore focus their risk assessments on specific threats and “cool” technologies streaming out of industry. Consequently, in investment review board meetings, CIOs are unable to justify the need for new security protections or products in business terms.
Leave a Reply