Securing information is hard work, but combining accountability, best practices and a bit of common sense while meeting your agency's mission will go a long way toward providing proper IT safeguards. This is the message from longtime government CIO and IT leader Karen Evans, who retired this year as the top federal government IT executive, and who writes an exclusive blog entry for GovInfoSecurity.com.
Minimizing risk requires agencies to move beyond compliance, which still only represents a starting point in assuring secure data and systems, Evans says, adding that compliance alone, as we have learned through painful experiences, will not guarantee information security.
Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.
From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:
Understand the current cyber threats to all public and private sector organizations;
Develop a multi-tiered risk management approach built upon governance, processes and
Implement NIST's risk management framework, from defining risks to selecting, implementing
and monitoring information security controls.