by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : August 30, 2015
Further, based on guidance from the Office of Management and Budget, FISMA was implemented at a time when cyberthreats were still emerging and technology had not yet evolved enough to necessitate a security development life cycle. In fact, until very recently, systems were certified and accredited on a three- year cycle. That cycle might be manage- able, but it is comical when looking at the rapid evolution of technology and the cyberthreat environment. Further- more, FISMA required the generation of paper-based reports that diverted time, resources and personnel from effective security efforts. At the IRS and then DHS, I was con- sistently reluctant to put my confidence in the yearly FISMA reports because they did not reflect the reality of our overall IT environment’s security pos- ture. That can only be accomplished through the proper use of tools that continuously monitor the IT environ- ment and react to and mitigate threats in near-real time. 3. A slow and cumbersome acquisi- tion process. The problem is exacer- bated when funds are available to invest in IT security yet it is ponderously slow and difficult to buy commercial solu- tions to help address vulnerabilities. When I was at DHS, I was a proponent of the Continuous Diagnostics and Miti- gation program but was dismayed to see how long it took (two-plus years) just to implement Phase 1. And then agencies had to go through an additional compet- itive process within the CDM program to obtain capabilities. I am all for fair competition, but with sophisticated adversaries that will exploit any and all vulnerabilities, the government amplifies its vulnerabili- ties when it takes many months (if not years) to procure and deploy new IT security capabilities. Those root causes have led us to the current situation of the government pay- ing a huge economic cost because of inefficiency, duplication and unsecure IT systems and infrastructure. And what is worse, we will now likely pay an even greater cost in the exposure of the per- sonally identifiable information of mil- lions of current and former government employees — certainly in terms of those individuals’ privacy and potentially in terms of our national security as well. My next two columns will cover rec- ommendations for addressing those root causes, including the importance of properly implementing the Federal IT Acquisition Reform Act and the update to FISMA. n REGISTER NOW AT: FCW.COM/2015CloudComputingSession2 FEATURING: Patrick Stingley, CTO, Bureau of Land Management at the Department of the Interior FCW WEBCAST SERIES SESSION 2 Cloud Computing: Serving the Integrated Enterprise SEPT 15th, 2015 @ 2PM ET REGISTER REGISTER CLOUD COMES OF AGE SPONSORED BY: VMware, Carahsoft and Carpathia, A QTS Company 32 August 30, 2015 FCW.COM CIOPerspective 0830fcw_031-032.indd 32 8/12/15 12:22 PM
August 15, 2015
September 15, 2015