A Plan to Secure the Federal Cyberspace, Part 3
CSO - About this series: In a paper he wrote and published before President Obama's announcement regarding the creation of a national cybersecurity coordinator, Ariel Silverstone, CISSP, put forward his thoughts about the necessity of having a chief security officer for the United States. In this final installment, he discusses timelines and priorities as he sees them. Silverstone then addresses the need for input and involvement from academia and the private sector.
Timeline
The breadth of the job ahead demands priority assignation. The same weight cannot be placed on every goal; the same priority cannot be given to every task. We know there is plenty to be done. As a matter of pragmatism, we must quantify the risks and the available resources.
Breaking the challenge down into a three-tier plan makes our approach and resource planning and allocation more feasible. Some items will require immediate consideration and mitigation. I would place those in the urgent plan. Known problems that require a measured and well-executed approach will be put into the tactical plan, to be addressed within one to three years. Finally, those large tasks for which resources and plans must be marshaled belong in the strategic plan, to be addressed within a 3-to-5-year period.
For multi-year funding issues, please refer to the budget section above.
The urgent plan
The very first task of any information security program is to create awareness of the opportunity to improve, the benefits of information security, and the drawbacks of being insecure. Every dollar spent on what is generally referred to as awareness is returned manyfold in the form of informed professionals, watchful personnel and ab initio securely defined systems, tasks and procedures.
The role of information security, as a part of the inherent design of processes, is to facilitate progress. Without information security, tools that we rely on for the performance of our daily jobs, and even our daily life, would not be possible. For example, government services currently offered in portal form would not be available; medical insurance would be unfeasible; and credit could not be extended.
A coherent and far-reaching information security awareness program must be developed. This program will be communicated through the auspices of educational facilities from the secondary school level and beyond. A workplace program for organizations that manage and access critical and sensitive systems must be thought out. Such a plan should not have to come from the Federal government, but should be encouraged and perhaps even mandated by funding and emphasis on information security.