- Trending:
- cyber attacks
- defense bill
- BRAC
- Anne Rung
- postal reform
News
News from WTOP
News
Mike Causey
News
Shows & Panels
News
News
Shows & Panels
News
Shows & Panels
- Accelerate and Streamline for Better Customer Service
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Client Virtualization Solutions
- Data Protection in a Virtual World
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Feds in the Cloud
- Health IT: A Policy Change Agent
- Improving Healthcare Outcomes through IT Policy
- IT Innovation in the New Era of Government
- Making Dollars And Sense Out of Data Center Consolidation
- Navigating the Private Cloud
- One Step to the Cloud, Two Steps Toward Innovation
- Path to FDCCI Compliance
- Take Command of Your Mobility Initiative
- Veterans in Private Sector: Making the Transition
News
Shows & Panels
Copyright © 2013 by Federal News Radio. All rights reserved.
FederalNewsRadio.com - Purpose of Comments statement Click to show
Hubbard Radio, LLC encourages site users to express their opinions by posting comments. Our goal is to maintain a civil dialogue in which readers feel comfortable. At times, the comment boards following articles, blog posts and other content can descend to personal attacks. Please do not engage in such behavior here. We encourage your thoughtful comments which:
Hubbard Radio, LLC reserves the right to remove comments which do not conform to these criteria.
You are reading comments on the story:
Looking at OMB's Proposed FISMA Performance Metrics
While 2010 turns the page to a new decade, many threats from the past 10 years persist. In the cyber security world, nations such as China continue building cyber capabilities from an offensive and defensive perspective, resulting in what has become a new arms race.
In response to these threats, the Federal government hopes to shore up its defensive capabilities by mandating new FISMA performance metrics that incorporate "real-time" countermeasures—with real-time being the keyword. Real-time denotes the ability to identify, act, and respond to minimize the impact of attacks. This leads to our movement of increasing situational awareness and our ability to detect threats as they occur instead of reacting after the damage has been done. While real-time measures provide many benefits, they also carry a hefty price tag for agencies looking to implement these capabilities. Real-time capabilities can only be implemented through automated technologies and solutions. These technologies carry significant costs further straining the department or agency's already thin cyber security resources.
Government agencies currently possess varying levels of maturity to implement and maintain these capabilities and, in some cases, do not possess these capabilities at all. Although they are absolutely necessary in any "defense-in-depth" strategy, the key question becomes "How much?" and "How fast?" can we implement them. With shrinking budgets and tougher times, it becomes a difficult exercise in prioritizing investments, especially when FISMA may formally capture progress and impact an agency's grades and ultimately, their budget.
It would be impossible to implement these capabilities within a 6-12 month period, at least not effectively. Organizations need to take a risk-based approach to prioritizing initiatives and developing a strategy that allows agencies to prioritize their investments to obtain the greatest return and most importantly the biggest risk reduction to support their missions.