by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 30, 2012
October 30, 2012 FCW.COM 17 lems are also there and need attending to," he said. Likewise, it is vital early on to create a governance process for making decisions about which risks will be targeted and what steps will be taken to mitigate them. That process will need to cover the entire enterprise. Once it has been decided that there is a risk in a par- ticular organizational unit with an operational mission responsibility, the governance process will require the professional who can assess that risk to characterize it and describe it to the operational manager, said Lee Hol- comb, vice president of strategic initiatives and cyber operations at Lockheed Martin Information Systems and Global Solutions. "That manager needs to be able to say he will invest the money to x that risk and put in a process to mitigate it, or that he will at out accept the risk and not invest in mitigation," said Holcomb, whose federal career includes serving as CIO at NASA and chief technology of cer at the Department of Homeland Security. "That discussion is a central one that absolutely needs to take place." He added that one of the current challenges in the cybersecurity area --- and it relates directly to the assess- ment of risk --- is the need for people to be able to say what an additional dollar of investment buys in terms of security. "There are probably a signi cant number of agencies that don t have a rich discussion of that through a governance process," he said. Leadership commitment is also essential for imple- menting an effective risk management program, said Henry Sienkiewicz, vice chief information assurance executive at the Defense Information Systems Agency. Furthermore, the governance process is vital to ensure ongoing collaboration and synchronization of the efforts of the multiple groups and teams that will be involved. Sienkiewicz said key areas include "identifying roles and responsibilities across the organization, methods for de-con iction of issues, means of communication with stakeholders, sharing of information and ensuring leadership acceptance of risks." Assessing the risks that must be managed is typi- cally more of an art than a science. NIST recently published the nal version of its risk assessment guide- lines, Special Publication 800-30, which covers what it sees as the four elements of a classic risk assess- ment: threats, vulnerabilities, impact to missions and business operations, and the likelihood of a threat exploiting vulnerabilities in information systems and their physical environment to cause harm. The document provides a common lexicon regard- ing risk factors that in uence the method of assessing and ultimately managing risks, Sienkiewicz said. But he added that the methods for assessing risk are more Sponsored by General Dynamics Information Technology SCAN THIS QR CODE with your smartphone for the full research report. TOPICS INCLUDE Wireless networks: Getting ahead of the demand Bandwidth hogs: What's on your network? Under attack: Network security trends The cloud: An extension of your network Future pipes: 4 networking technologies for the future FCW.com/ModernNetwork TO LEARN MORE, VISIT Modernizing the Network SPECIAL REPORT
October 15, 2012
November 15, 2012