The Influencers: Gregory WilshusenDirector, Information Security Issues, Government Accountability Office
Director, Information Security Issues, Government Accountability Office
Why He's an Influencer
Wilshusen's investigations, audits and reports for the GAO, the investigative arm of Congress, and his numerous testimonies before Congressional panels help shape legislation and government policy on securing federal data and systems.
Wilshusen has nearly three decades of auditing, financial management and information systems experience. Before joining the GAO in 1997, Wilshusen held a number of public and private-sector positions, including senior systems analyst at the Department of Education. He also served as the controller for the North Carolina Department of Environment, Health and Natural Resources, and held senior auditing positions at Irving Burton Associates, a professional and technical services firm, and with the U.S. Army Audit Agency. He's a certified public accountant, certified internal auditor and certified information systems auditor. Wilshusen earned a bachelor of science degree in business administration/accounting from the University of Missouri and a master of science degree in information management from George Washington University's School of Engineering and Applied Sciences.
In His Own Words
"One of the things I think has been proven over the years is the old adage: 'What gets measured gets done.'"
"Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of most federal agencies. Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss or improper disclosure of personally identifiable information of Americans, thereby exposing them to loss of privacy and identity theft."
"An underlying cause for these (security) weaknesses is that agencies have not yet fully or effectively implemented key elements of their agency-wide information security programs. To improve information security, efforts have been initiated that are intended to strengthen the protection of federal information and information systems."
"Federal agencies have not adequately designed and effectively implemented policies for periodically testing and evaluating information security controls. Clarifying or strengthening FISMA (Federal Information Security Management Act) and its implementing guidance for determining the frequency, depth and breadth of security control tests and evaluations could help agencies better assess the effectiveness of the controls protecting the information and systems supporting their programs, operations and assets."
GovInfoSecurity.com Content Featuring Wilshusen