via Fierce Government IT
Agency CIOs are consumed with compliance and check boxes rather than focused on cybersecurity and risk management, said an Aug. 23 panel of cybersecurity experts.
“Compliance is my worst nightmare,” said David Stender, associate chief information officer at the Internal Revenue Service. “If you’re really trying to be compliant you’re spending way too much money to achieve that,” he added, while speaking at a MeriTalk event in Washington, D.C.
Real risk management means being prepared for an incident, as well as the impact of that incident on a system, explained Peter Mell, a senior computer scientist at the National Institute of Standards and Technology. “As far as I can tell, I don’t know of anybody that’s doing risk management,” said Mell.