Explore a federal CISO's perspective on FISMA compliance, cybersecurity challenges, and strategic initiatives in the US Treasury Department. Discover the complexities of balancing high-priority tasks while ensuring security and regulatory compliance.
One CISO’s Viewpoint
Get Involved and Remain Vigilant:
This is a picture of the US Treasury Department. For more details on the slides look in the “notes”
Ed Roback
ACIO for Cyber Security / CISO
U.S. Department of the Treasury
October 4, 2006

What’s on the mind of a Federal CISO?
• FISMA Compliance
• FISMA Compliance
• FISMA Compliance
• FISMA Reporting
• Improving Security
• Addressing a long-standing Material Weakness

There’s a lot on his mind…
• IG-Identified “Management Challenge”
• Major systems inventory
• POA&Ms – are developed in a substantially consistent manner, weaknesses are prioritized and tracked for all bureaus
• Specialized training
• Ensure all systems have a developed/tested Contingency Plan
• Enhance C&A process (poor, forgotten child systems)
• Annual Testing / Continuous Monitoring (post-800-26)
• Protecting Treasury info shared with Third Parties

We’re not done yet…
• DGRFT JZYSW EPUSE LOPSE CYHQW …
• The Color Green
• Supporting the PMA
• New Technology Challenges – Risks and Opportunities
• Building Partnerships
• Doing More with Never Enough
• Developing and justifying out-year initiatives
• Building and Maintaining self and staff competence

… not yet ...
• Cyber Pearl Harbors
• Getting Encryption Deployed
• The Inspectors(!) General
• M 06-15, M 06-16, M 06-19, M 06-20, 800-xx, FIPS xx, CNSS xx, DCID x/x ..
• Balancing Assistance with Oversight
• Timely Notifications to US-CERT
• Physical Loss Reporting
• What’s coming down the track from: OMB, NIST, CNSS, NSA, and DNI?

What does this mean?
• There’s a lot to do
• Need to balance:
  • Many high-priority challenges simultaneously
  • The here-and-now with what’s next
  • High-security impact vs. high visibility
  • Security with cost
  • Regulatory compliance with security
• Perspective is critical