By Steve O’Keeffe — http://bit.ly/tRzgwS
As the 25-Point Plan sputters and the fizz over IT innovation goes flat, is it time to go back to basics in making Fed IT better? Now seems to be a good time for pragmatism. And, as we return to the old chestnuts, where better to start than security? Are you tired of the talk – and looking for some real action?
Here are three common-sense ideas from a Federal CISO to make government IT more secure:
- Thresholds and Shared Services: Let’s simplify FISMA and put some real teeth in the jaw. What real areas of cyber security do agencies need to cover – how about a list of 10 items? What about minimum levels of performance – nix the grading and move to pass/fail? If agencies can’t meet the thresholds, require that they outsource their security to another Federal agency – yes, that’s a shared service.
- CISO CV: Why not establish minimum qualifications for Federal CISOs? What credentials/certifications are required in IT, security, business/budget management? You wouldn’t go to a doctor who wasn’t an MD, would you?
- Clearance Chaos: Why not standardize security clearances across Federal agencies? This would accelerate the pace, reduce the cost, and improve the outcome of inter-agency collaboration – and critically, allow for better information sharing with the intelligence community and DHS.
By establishing simple tests, transparency, and accountability, we can concentrate security budgets and provide better security for all. Not increase the bucks – just the bang. Not surprisingly, the best ideas come from the operators – so let’s listen to the CISOs.
Got ideas to put Uncle Sam on a more secure footing? We’re all ears…