Minnesota faces a government shutdown Friday, and state CISO Chris Buse confronts unexpected barriers in preparing for it. No one yet knows what services the IT security organization must support once the midnight deadline passes.
The release of the list coincides with the issuance of the Common Weakness Scoring System that allows software makers to identify vulnerabilities in their programs and buyers to determine software they acquire is secure.
"We appear to be asking DHS to take on new cybersecurity roles and missions while it is establishing its basic core competencies," Melissa Hathaway says. "Is this reasonable? Do we want DHS to become a first party regulator?"
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.