A Plan to Secure the Federal Cyberspace, Part 3
CSO - About this series: In a paper he wrote and published before President Obama's announcement regarding the creation of a national cybersecurity coordinator, Ariel Silverstone, CISSP, put forward his thoughts about the necessity of having a chief security officer for the United States. In this final installment, he discusses timelines and priorities as he sees them. Silverstone then addresses the need for input and involvement from academia and the private sector.
Timeline
The breadth of the job ahead demands priority assignation. The same weight cannot be placed on every goal; the same priority cannot be given to every task. We know there is plenty to be done. As a matter of pragmatism, we must quantify the risks and the available resources.
Breaking the challenge down into a three-tier plan makes our approach and resource planning and allocation more feasible. Some items will require immediate consideration and mitigation. I would place those in the urgent plan. Known problems that require a measured and well-executed approach will be put into the tactical plan, to be addressed within one to three years. Finally, those large tasks for which resources and plans must be marshaled belong in the strategic plan, to be addressed within a 3-to-5-year period.
For multi-year funding issues, please refer to the budget section above.
The urgent plan
The very first task of any information security program is to create awareness of the opportunity to improve, the benefits of information security, and the drawbacks to being insecure. Every dollar spent in what is generally referred to as awareness is returned manyfold in the form of informed professionals, watchful personnel and ab initio securely defined systems, tasks and procedures.
The role of information security, as a part of the inherent design of processes, is to facilitate progress. Without information security, the tools that we rely on for the performance of our daily jobs, and even our daily lives, would not be possible. To give some examples: government services currently offered in portal form would not be available; medical insurance would be unfeasible; and credit could not be extended.
A coherent and far-reaching information security awareness program must be developed. This program will be communicated through the auspices of educational facilities from the secondary school level and beyond. A workplace program for organizations that manage and access critical and sensitive systems must be thought out. Such a plan should not have to come from the Federal government, but should be encouraged and perhaps even mandated by funding and emphasis on information security.