by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : May 15, 2013
SPONSORED REPORT: SNAPSHOT Workforce key to cyber success Evolving security threats require more strategic approach to training THE SITUATION WITH the federal cybersecurity workforce is more complicated than many people might assume. It s no secret that federal agencies often have dif culty recruiting and retaining security experts. But according to numerous reports, agencies also are running into prob- lems with managing the staffs they have. And they are ex- acerbating these problems by not addressing the need for cybersecurity-related training and awareness programs among system developers and end users. Perhaps the lack of training should not be surprising because training programs rarely fare well during tight bud- gets times. But in this case, the lack of training could be costly, according to the Government Accountability Of ce. The ability of agencies to protect systems "is depen- dent on the knowledge, skills and abilities of the federal and contractor workforce that uses, implements, secures and maintains these systems," GAO wrote in a February 2013 report. That includes federal and contractor employees who use IT systems as well as system designers, developers and programmers. The cybersecurity workforce itself, though, remains a particular concern. It s not enough to simply hire or "train up" cybersecurity workers, experts say. What is needed is a systemic approach to ensuring that an organization both understands its cyber workforce needs and has the resources available to meet them. That sort of strategic thought is often sorely lacking in federal agencies. GAO notes that a study conducted in late 2011 found that only two of the eight agencies reviewed had developed cyber workforce plans, and only three had developed departmentwide training programs for their cybersecurity workforce. Several tools are available to help agencies develop cyber workforce strategies. For example, in August 2012, the National Institute of Standards and Technology pub- lished the National Cybersecurity Workforce Framework, which provides a common vocabulary for discussing cybersecurity work and the associated knowledge, skills and abilities. Another resource is the Federal Virtual Training Environ- ment. FedVTE, available through the National Initiative for Cybersecurity Education, provides a library of training material, including classroom lectures. Given the growing complexity of cybersecurity and the ongoing workforce shortages, agencies are bound to in- vest more money in automation. That said, they still must invest in their existing employees. It s all about helping an organization maintain its "secu- rity edge," according to Heidi Shey, an analyst at Forrest- er Research. Part of that is making sure that employees keep their skills up-to-date. But it s also about "encourag- ing new ideas to ow" and "preventing the security group from getting stale and set in their ways and habits," she wrote in a recent blog post. "A security team and an organization that maintains their security edge will be better equipped to protect their organization and its assets through better decision-mak- ing at all levels," Shey wrote. GET THE FULL REPORT ONLINE AT: FCW.com/2013InfrastructureSecurity Get More Online... Infrastructure Security Report Articles: New cyber threats demand innovative solutions Budget scrutiny ups ante for cybersecurity planning Agencies urged to strengthen risk management efforts Continuous monitoring: Don t take it lightly INFRASTRUCTURE SECURITY Several tools are available to help agencies develop cyber workforce strategies
April 30, 2013
May 30, 2013