by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
FCW : October 30, 2013
Every government agency seeks the elusive "secret sauce" for cybersecu- rity --- the right combination of defens- es, policies and people that creates the best position against cyberattacks. But too often, the pursuit becomes mired in compliance and the complexities that de ne today s congested cyber landscape. Much needs to change in terms of federal cybersecu- rity, including a wholesale shift in approach that bet- ter integrates agility, con- tinuous monitoring and a broader team beyond IT, said former top officials at an Association for Fed- eral Information Resources Management event earlier this month. "We need to get away from this compliance-focused approach to cybersecurity and mature that entire process to adapt to the changing threats and a changing land- scape," said Earl Crane, former direc- tor of federal cybersecurity policy on the White House s National Security Staff and now a senior principal at Promontory Financial Group. Much of the new approach to cyber- security that experts encourage cen- Cybersecurity's secret sauce: Audits? is the Federal 100 nomination deadline. Submit yours now at FCW.com/fed100. 12/23 Trending ters on continuous monitoring and risk management. Crane and others argue that those changes are overdue, along with others that date to the 1996 Clinger-Cohen Act. Karen Evans, national director of the U.S. Cyber Challenge and former administrator of e-government and IT at the Of ce of Management and Budget, said the conver- sation about how investment priorities, risk tolerance and contingencies support an agency s primary mission was "supposed to have been happening since 1996, but it s still not happening," she said. "We have all these tools out there, but until we have this conversation, nothing can happen." Evans suggested another shift in approach: Although consis- tency might be lacking in policy and governance, other sources --- including audits and inspector general reviews --- can be effective in getting through to decision-makers. "The things that senior leadership does respond to are GAO reports [and] IG reports, and in private industry, the audit committee is the most powerful on any board," Evans said. Those audits and reports can be essential in identifying gaps in an agen- cy s security stance and, as a result, can supplant outdated or cumber- some directives with more effective guidance. Cybersecurity is "now being brought into the audit committee because that s what leadership looks at --- they look at the results of an audit," Evans said. "And so what some of us think needs to happen is the IGs in the government monitoring against that. They do the evaluation from that point, and that becomes the baseline of the agency from an independent evaluation." Still, that can mean a signi cant departure from the status quo, which is dif cult. "In government, in my experience, you have to bring people along to effect change, and it s a long process," said Richard Spires, former Department of Homeland Security CIO. "Before you can get it done, things change out from under you. Leadership changes, some new dynamic hap- pens and then you nd yourself back at square one. I think those changing dynamics can be a big reason why we don t have these sophisticated" processes. --- Amber Corrin October 30, 2013 FCW.COM 3 Karen Evans and other experts say audits could spur better security. FCW CALENDAR Identity management AFCEA Bethesda's November breakfast will focus on "Next Generation Authentication and Identity Management: From Cloud to Mobile." Bethesda, Md. http://is.gd/Wj1dQ6 Cybersecurity The CIA's Dawn Meyerriecks will keynote the 2013 FedCyber Summit, which also features speakers from the departments of Defense, Homeland Security, and Health and Human Services. Arlington, Va. http://is.gd/exagaq 11/7 11/6 GCN Awards Gala FCW's sister publication will host the 26th Annual GCN Awards Gala to honor 15 top teams in federal, state and local IT. McLean, Va. GCN.com/gala 11/19 STAN BAROUH
September 30, 2013
November 15, 2013