(ISC)²® (“ISC-squared”) has provided a series of recommendations for the recently appointed federal chief information security officer (CISO) to consider in order to keep critical workforce issues at the forefront during the coming year of presidential transition.
The recommendations were delivered last week directly to Federal CISO Brigadier General (retired) Gregory J. Touhill, government officials at the White House and the Office of Personnel Management, as well as other influencers within the federal workforce community.
As supported by data from The 2016 State of Cybersecurity from the Federal Cyber Executive Perspective: An (ISC)² Report, leaders are realizing that “people” can be their organization’s greatest cybersecurity asset, or their greatest liability.
Federal executive survey respondents said that cybersecurity within their agencies continues to be viewed largely as an information technology endeavor, with many organizational departments ranking cybersecurity as unimportant to their roles.
Consequently, “people,” through actions both intentional and neglectful, remain the greatest security vulnerability to federal agencies, according to nearly half of federal executive survey respondents.
During the June gathering of (ISC)²’s U.S. Government Advisory Council (USGAC), Council members representing current and former CISO-level executives from federal agencies and departments were asked to build on these survey outcomes with specific recommended actions that address the following topics:
- Distinguishing between and addressing the needs of the cyber vs. general workforce
- Improving awareness and vigilance across the organization, and
- Effectively addressing the shortage of talent based on the evolving role of the cyber professional
“Based on our research, advancing an organization’s security agenda no longer rests upon educating its cyber workforce: rather, it must educate its entire workforce, across all departments, in cyber,” said Dan Waddell, CISSP, CAP, PMP, USGAC chair, (ISC)² managing director, North America Region, and director, U.S. Government Affairs.
“Our goal in delivering these recommendations to Brig. Gen. Touhill is to support workforce prioritization and facilitate dialogue among those in the federal CISO community as critical decisions are being made during the upcoming presidential transition period, and beyond.”
For a copy of the letter sent to members of the U.S. government cybersecurity community that includes a complete list of (ISC)²’s recommendations, please visit https://www.isc2.org/isc2-to-fedCISO.
(ISC)² is an international nonprofit membership association focused on inspiring a safe and secure cyber world.
Best known for the acclaimed Certified Information Systems Security Professional (CISSP®) certification, (ISC)² offers a portfolio of credentials that are part of a holistic, programmatic approach to security.
Our membership, over 115,000 strong, is made up of certified cyber, information, software and infrastructure security professionals who are making a difference and helping to advance the industry.
Our vision is supported by our commitment to educate and reach the general public through our charitable foundation – The Center for Cyber Safety and Education™.