FCW : May 30, 2014
DrillDown

Improving IT security through better governance

As agency leaders seek to reinforce cybersecurity, an OMB policy and industry implementation framework can provide context and support for sound IT governance

BY DAN CHENOK AND JOHN LAINHART

In the face of ever-increasing cybersecurity risks, significant attention is being paid to improving agencies' preparedness and response to vulnerabilities and threats throughout the public sector. Two ways to go about supporting those activities involve addressing cybersecurity from a risk-based framework and engaging top-level leadership in addressing security as a strategic priority.

A third complementary imperative involves establishing an overall IT governance structure that includes cybersecurity as a key enabler to achieving programmatic outcomes. Fortunately, agencies have a number of tools at their disposal to enhance their governance framework.

OMB policy drivers for IT governance

At the end of 2008, the Office of Management and Budget reaffirmed and clarified the organizational, functional and operational governance framework required within the executive branch for managing and optimizing the effective use of IT. OMB Memorandum 09-02 established an IT governance framework that addresses the management structure, responsibilities and authorities of heads of departments and agencies and their CIOs in planning, acquiring, securing, operating and managing IT systems and assets within the department or agency.

The memo requires that agencies designate an executive-level CIO who reports to the head of the organization and has formal and full responsibility for all requirements set forth in statutes, regulations and public laws. That CIO also has ultimate responsibility for the governance, management and delivery of IT mission and business programs at the agency and must have an effective operative means of meeting that responsibility.

Furthermore, the CIO has the authority to set agencywide IT policy, including all areas of IT governance such as enterprise architecture and standards, IT capital planning and investment management, IT asset management, IT budgeting and acquisition, IT performance management, IT risk management and IT workforce management. The authority also extends to IT security and operations and IT information security, working with the agency chief information security officer and other security officials.

In August 2011, OMB issued related guidance in memo 11-29, which updated policy regarding the CIO's role in IT governance and explicitly discussed information security as part of the CIO's responsibilities. Taken together, those two OMB memos provide a strong framework for incorporating security considerations into overarching IT governance and strategy. That approach allows agency leaders to properly assess security risks in the context of risks and benefits from IT initiatives more broadly and from the programs that leverage IT and require good security to be successful.

An industry framework for implementation

One way to achieve the objectives of strong IT governance is to incorporate the COBIT 5 framework as a guide to implementing sound IT governance at the enterprise level. COBIT, which stands for Control Objectives for Information and Related Technology, serves as a business framework for the governance and management of enterprise IT and clearly defines IT governance as distinct from IT management. According to the COBIT 5 framework: "Governance ensures that stakeholder needs, conditions and options are evaluated to determine balanced, agreed-on enterprise objectives to be achieved; setting direction through prioritization and decision-making; and monitoring performance and compliance against agreed-on direction and objectives."