Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Search Tags: cyberspace
People exercise risk management, consciously and unconsciously, every day.
Many of us drive on a daily basis. Some speed, and risk the chance of getting caught, while others are more conservative and drive the exact speed limit. We base our decision on whether or not to exceed the speed limit on the information available to us at the time, including our knowledge, past experiences, or the conditions we see in front of us. We weigh the risks against impacts and consequences, making decisions based upon our tolerance for the outcomes. The same is true for federal cyber risk management.
Securing federal information and assets in cyberspace is the primary driver behind cybersecurity. Even so, other factors help define risk, including the potential for negative publicity if a cyber breach occurs, the impact to budget/performance plans if FISMA grades fall short, or the potential for investigations or congressional hearings if the burning issue of the day burns a bit too bright for too long. Federal cyber risk management fundamentally boils down to making risk decisions based upon an agency's risk tolerance - and the drivers behind an agency's tolerance vary across the federal government.
Risk is defined as the likelihood of a future event that may have unintended or unexpected consequences. Federal agencies make the best cyber risk management decisions by using data and information to evaluate the agency's strengths and weaknesses for delivering on its cyber mission in the context of potential threats.
Agencies must use information and data from various disparate sources across the enterprise to make these decisions, including audit log information, vulnerability data, asset information, the agency's regulatory compliance status, external and internal threat activity, human capital risks to the cybersecurity mission, and many more. As challenging as it may be for agencies to consume large volumes of disparate data, it is a challenge that is essential to overcome for agencies to make the best cyber risk management decisions.
Is this achievable? Absolutely. The business intelligence movement established the foundation allowing agencies to minimize risk exacerbated by ad-hoc decision-making. Leveraging business intelligence capabilities for cybersecurity enables agencies to aggregate data across technical and organizational stovepipes and to provide agency cybersecurity leaders with mechanisms for making informed, risk decisions. By better understanding the cyber landscape, federal cybersecurity leaders can - much like our speeding driver example - understand "how fast" to drive and make better investment decisions when addressing enterprise cybersecurity risks.
August 12th, 2010 at 11 AM
How does one assure trust in Cyberspace? As citizens, government, and business enterprise increase the amount of information that is shared online, fundamental questions arise around security requirements, data and identity management, and infrastructure. Trusted online environments can reduce costs, expand services, and are critical to protecting how, and to whom, information is shared. Securing identities in transactions is an essential component to building trusted online systems and a critical priority for both business and government. As online information sharing and collaborative services evolve between people and technologies, will trust emerge as the next "Killer App"?
Tags: technology , Expert Voices presented by Booz Allen , Booz Allen , Expert Voices , Citi , Citibank , NSTIC , trust , trusted services , trust framework , securing identity , identity management , cybersecurity , cyber , Michael Farber , IT , John Clippinger , Berkman Center for Internet & Society , Dr. Jeff Voas , NIST , Hilary Ward , Global Transaction Services