FCW : October 2014
Building top-notch information security teams

High-performing security teams look very different today than they did a decade ago, but too many agencies have paid insufficient attention to attracting and developing the right talent

Commentary | BRIAN GAGNON AND AUDREY MICKAHAIL

The increased importance and complexity of securing the government’s data have resulted in a steady expansion of the influence and scope of the information security function. In reaction, most federal information security leaders have changed their focus from security operations to risk reduction.

The most progressive of them, however, no longer try to eliminate information risk. Instead, they adopt a position on risk management that is characterized by three behaviors: identifying and communicating risk in business terms, presenting risk owners with useful risk trade-offs and supporting risk decisions by those who own the risk.

Unfortunately, most information security teams do not have the skill sets to manage risk in those ways. CEB research has found that 78 percent of chief information security officers believe security customers do not view information security teams as trusted partners in making key business decisions. And nearly two-thirds believe security customers do not find their teams easy to work with.

Furthermore, nearly two-thirds of CISOs said the time they spend on talent management activities has increased in the past three years, with 20 percent of the CISO’s time — or one day per week — now spent on talent management activities such as coaching and development, performance management and talent planning.

But despite significant investment, CISOs’ concerns continue to grow in the face of three main challenges:

1. Sourcing challenge. It’s difficult to find individuals with a balance of IT and engagement skills. Once leaders find good employees, it’s hard to keep them. Our research shows that 37 percent of high-performing information security professionals intend to look for a new job within a year.

2. Structural challenge. The typical information security team has grown in size and complexity, so managing talent in an impromptu manner is no longer sustainable. Rapid growth in new activities — such as business interfacing, risk assessment and advanced threat defense — requires new skills.

3. Performance challenge. According to our benchmarking, one-third of current employees do not meet performance expectations. Security professionals in business-facing roles do not have the needed “soft” skills, and those in technical roles do not have the latest technical expertise.

As progressive information security teams take up the mantle of true risk management, they look for employees who have the ability to constructively engage with business partners. Given how difficult it is to find those individuals, leaders must take a multipronged approach:

1. Adopt a competency-based approach to talent management. Competencies are more predictive of employee performance than criteria such as experience and certifications. Leaders should define competencies for their teams and use them to drive hiring, development and planning decisions.

2. Build and promote an effective employment value proposition. Emphasizing the attributes that matter most during recruitment efforts allows leaders to penetrate deeper within the labor market and attract top talent.

3. Involve customers across the talent life cycle. With 85 percent of security employees interacting with customers at least weekly, hiring managers must consider the customer perspective when making talent decisions.

4. Invest more time in strategic talent management activities. Focusing on strategic talent activities has 2.25 times as much impact on outcomes as managing day-to-day talent tasks. Prioritize activities such as creating a strategic workforce plan to build a sustainable team for the future.

BRIAN GAGNON is a senior director and AUDREY MICKAHAIL is a director at CEB.