Return to Article: DHS technology chief faces tough questioning at House hearing
-
26486
Hiring a CISO will only work if the CIO is fully sold on implementing tough security measures. By implementing the right systems (i.e. firewalls, VPNs, SPAM/SPYWARE devices, Proxy devices, URL/Content Filtering, etc) via a defense in depth strategy, by constantly monitoring network security status and by making adjustments on a 24X7 basis, good security can be achieved. However, even with the best systems and processes, user training is still the toughest aspect of network security. Even if the network Security Team patches every vulnerability and effectively responds to every IA incident and zero day attack, there still remains an ongoing requirement to train users continuously. But as I stated in the beginning, CIO level support is crucial to a CISO's success. Network Security is critical to Network Operations; to succeed, implement measures that ensure the data that is required is available to those who need it and is protected from those who do not have the rights to it.
-
26424
Actually, every department and agency has the authority to go beyond the requirements of FISMA. There is no reason for Federal government departments and agencies to have the kind of security breaches that have been made public in the last few years. If there are no adequate tools or processes, the Department CIOs should work with their CISOs to develop and then implement them.
-
26413
Perhaps Mr. Charbo should consider hiring or appointing a Chief Information Security Officer (CISO).
It is clear that DHS needs to apply security expertise which is currently lacking.
-
26396
I am not sure if Mr. Charbo is the one the committee should be focused on. The security problem DHS is experiencing reflects a greater problem, and that is lack of common methods and tools to guide/audit these solution architectures. If Congress encouraged the adoption of a common Solution Architecture Assessment framework that enabled its contractors to detail HOW they were architecting security into these systems, then and only then would Mr. Charbo have the ability to execute oversight. This problem is exacerbated by PMO support contractors who have a vested interest in the outcome; IT development, implementation, integration.