A Plan to Secure the Federal Cyberspace, Part 3
CSO - About this series: In a paper he wrote and published before President Obama's announcement regarding the creation of a national cybersecurity coordinator, Ariel Silverstone, CISSP, put forward his thoughts about the necessity of having a chief security officer for the United States. In this Final installment, he discusses timelines and priorities as he sees them. Silverstone then addresses the need for input and involvement from academia and the private sector.
TimelineThe breadth of the job ahead demands priority assignation. The same weight cannot be placed on every goal; the same priority cannot be given to every task. We know there is plenty to be done. As a matter of pragmatism, we must quantify the risks and the available resources.
Breaking the challenge down into a three-tier plan makes our approach and resource planning and allocation more feasible. Some items will require immediate consideration and mitigation. I would place those in the urgent plan. Known problems that require a measured and well-executed approach will be put into the tactical plan, to be addressed within one to three years. Finally, those large tasks for which resources and plans must be marshaled belong in the strategic plan, to be addressed within a 3-to-5-year period.
For multi-year funding issues, please refer to the budget section above.
The urgent planThe very first task of any information security program is to create awareness of the opportunity to improve, the benefits of information security, and the drawbacks to being insecure. Every dollar spent in what is generally referred to as awareness is returned many fold in the form of informed professionals, watchful personnel and ab initio securely defined systems, tasks and procedures.
The role of Information Security, as a part of the inherent design of processes, is to facilitate progress. Without information security, tools that we rely on for the performance of our daily jobs, and even our daily life, will not be possible. As some examples describe, government services, currently offered in a portal form, would not be available; medical insurance would be unfeasible; and credit would not be extensible.
A coherent and far-reaching information security awareness program must be developed. This program will be communicated through the auspices of educational facilities from the secondary school level and beyond. A workplace program for organizations that manage and access critical and sensitive systems must be thought out. Such a plan should not have to come from the Federal government, but should be encouraged and perhaps even mandated by funding and emphasis on information security.
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!