By Steve O’Keeffe — http://bit.ly/tRzgwS
- Thresholds and Shared Services: Let’s simplify FISMA and put some real teeth in the jaw. What real areas of cyber security do agencies need to cover – how about a list of 10 items? What about minimum levels of performance – nix the grading and move to pass/fail? If agencies can’t meet the thresholds, require that they outsource their security to another Federal agency – yes, that’s a shared service.
- CISO CV: Why not establish minimum qualifications for Federal CISOs? What credentials/certifications are required in IT, security, business/budget management? You wouldn’t go to a doctor who wasn’t an MD, would you?
- Clearance Chaos: Why not standardize security clearances across Federal agencies? This would accelerate the pace, reduce the cost, and improve the outcome of inter-agency collaboration – and critically, allow for better information sharing with the intelligence community and DHS.