How agencies can improve cybersecurity — without waiting for Congress

From: FCW

By Amber Corrin

White House efforts to better protect the networks of government agencies and critical infrastructure operators have been described as a down payment on federal cybersecurity, but with fast-moving threats and continued intrusions, officials are looking for ways to get more secure more quickly.

After Congress failed to pass cybersecurity legislation last year, President Barack Obama introduced an executive order that focuses on security standards, information sharing and privacy protections. Those directives are now in the early stages of going into effect. Lawmakers have vowed to take up cyber legislation again this year, but in the meantime, a new report offers a framework for federal, state and local agencies to get ahead on cybersecurity.

SafeGov issued the report, titled “Measuring What Matters: Reducing Risk by Rethinking How We Evaluate Cybersecurity,” in conjunction with the National Academy of Public Administration at an event March 26. The document states that “despite the guidance of experts and millions of taxpayer dollars, federal information systems remain critically vulnerable to breaches and cyberattacks. This approach will strengthen the security of government information systems and improve the overall management of government resources by focusing scarce resources on the areas that pose the highest risks to agencies’ missions.”

The guidelines build on work already under way at a number of agencies, including the National Institute of Standards and Technology, the Office of Management and Budget, the Department of Homeland Security and the General Services Administration. They rely heavily on inspector general evaluations of how agencies are complying with the Federal Information Security Management Act.

Read Complete Article

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Leave a Reply

Your email address will not be published.

Please Answer: *