Federal CISOs remove the ‘human element,’ focus on known risk

May 9, 2011

via Fierce Government IT

Cybersecurity is about assessing risk, not just vulnerabilities, and often a federal agency’s biggest risks lie within the workforce, according to a National Security Agency official.

“[We often] put too much in the hands of under-loved, under-paid, under-equipped human beings, and yet that’s what we’ve done in the DoD for a long period of time. We’ve asked our front-line defenders to solve enterprise-level problems,” said Tony Sager, chief of the vulnerability analysis and operations group at NSA.

Large-scale problems must be solved “at scale,” and that means removing the human element from information technology where possible and leveraging a “much greater rate of standardization and automation,” he said May 5 at a Washington, D.C., event sponsored by InformationWeek called the Government IT Leadership Forum.

Cyber attacks at the State Department quadrupled between 2008 and 2010, reaching 8,000 last year, said the department’s Chief Information Security Officer John Streufert. He decided to take a standardized approach to cybersecurity by focusing on known risks.
