by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : June 15, 2015
DAVID WENNERGREN is senior vice president of technology at the Professional Services Council. Commentary | DAVID WENNERGREN Every day, new technologies and applications offer opportunities to change how we work, live and play. This frenetic pace is rivaled only by the ever-increasing number and sophistication of the cybersecurity threats we face. We want to be always connected, from any device, from anywhere. Yet with each new capability that we embrace, new threats and vul- nerabilities are introduced. We must re-evaluate our cyberse- curity efforts to ensure that we can quickly exploit new technologies to deliver more effective mission results. Today, the call for speed and agility is nowhere more crucial than in our cybersecurity policies and practices. Progress has been made. Infor- mation assurance professionals used to have to plead that security not be an afterthought. We should applaud federal successes in iden- tity management, public-key infra- structure, Trusted Internet Connec- tions, common security controls, Joint Regional Security Stacks, data-at-rest encryption and continu- ous monitoring. But despite heightened aware- ness and attention, many orga- nizations are not operating at a fast enough pace to make use of important new technologies and proven best practices. And as is often the case, the impediment that most stands in our way is not the adoption of new technology but the acceptance of new thinking. Through the use of the Com- mon Access Card, the Defense Department significantly improved information and physical security, not to mention enabling electronic solutions to replace labor-intensive, paper-based processes. Yet many civilian agencies still use personal identity verification cards as little more than flash passes. A number of cybersecurity threat vectors, not to mention barriers to information sharing, could be successfully addressed through the combination of strong iden- tity management, attribute-based access control and security at the data level. Another conundrum we face is the difference between oversight and outcome. Continuous monitor- ing provides far more value than a point-in-time focus on certification and accreditation. And although we have long touted the value of reciprocity and the goal of “certify once, use many,” the adoption of cloud computing in the federal gov- ernment provides a great example of a promising technology solution that is lagging in implementation. It was great to see the recent press release from the Defense Information Systems Agency that highlighted 23 commercial cloud service offerings that had been granted provisional authoriza- tions. Yet those proven offerings still require a DOD organization to conduct the assessment that would lead to an authority to oper- ate — all for solutions that will not handle sensitive information and that have previously been granted a FedRAMP agency ATO or provision- al authorization. Those examples share two clas- sic change management issues: the desire for personal control and a lack of trust. The processes we institute to address those issues must not take the place of what matters most: measurable outcomes that ensure mission results. A world where we rally around a common goal of secure information sharing will be one where our secu- rity efforts help ensure the rapid adoption of new technologies and the ability to get the right informa- tion to the right person. Some laws, such as the Federal Information Security Management Act, must be changed, and new laws addressing liability and information sharing must be enacted. But perhaps even more impor- tant than changing laws is chang- ing attitudes to stay ahead of the threats we face and deliver the results we need. n Cybersecurity: Valuing outcomes, not oversight Although the government has made progress on cybersecurity, we need to make better use of the tools we have Today, the call for speed and agility is nowhere more crucial than in our cybersecurity policies and practices. June 15, 2015 FCW.COM 13 0615fcw_013.indd 13 5/22/15 9:17 AM
May 30, 2015
June 30, 2015