Close this Advertisement

What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close

VA promotes teamwork on cybersecurity

Related Links

n info sharing, trust counts

GAO: Common desktop configuration holds promise for better security

2008 Watch List: Security initiatives show promise

The Veterans Affairs Department is improving data security by bringing VA organizations together to share information, Adair Martinez, VA’s deputy assistant secretary for information protection and risk management, has said.

The National Incident Response Core Team acts as a mechanism for enabling business lines to work together on information technology issues, she said June 5 at a meeting of the Information Security and Privacy Advisory Board, which advises the National Institute of Standards and Technology, the Commerce Department and the Office of Management and Budget on information security and privacy issues.

The team includes representatives from the Veterans Health, Veterans Benefits and National Cemetery administrations; the IT division; and VA’s general counsel.

“You can’t do security in pockets,” Martinez said. “You have to do it across the enterprise.”

She has help getting VA organizations to participate. In response to the theft in 2006 of a laptop PC that contained sensitive information about millions of veterans, VA centralized its IT authority and development under the department’s chief information officer, who also has authority to enforce information security policy.

Furthermore, Martinez said, VA is the only department that has its own law governing information security and privacy breaches — the Veterans Benefits, Healthcare and IT Act of 2006, which requires the department to send quarterly report to Congress detailing its information security progress.

The CIO’s office receives daily reports on any incidents that come through its security operations center. The inspector general’s office also has access to the incident database, Martinez said, adding that her team removes personally identifiable information from the incident information before analyzing it and generating weekly reports.

The team meets weekly to review the reports and discuss trends and the potential impact on VA and its individual business lines. The team members then deliver the analysis to their managers, she said.

“We have to get educated together when you look at trends,” she said. “It helps to change culture.”

VA’s information security law and its centralized environment are unlike the experience at most other large agencies, said Ed Meagher, deputy CIO at the Interior Department and formerly VA’s deputy CIO. Agencies typically don’t have a command-and-control environment in which the secretary can mandate activities related to information security, he added.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Related Articles

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related White Papers

Editorial Webcasts

  • Service Consolidation: How to Avoid Basic Pitfalls of Shared Services Register Now

    This is the first webcast of the Series “Future First: Three Steps to Data Center Transformation”. Plan to attend this webcast to support your agency efforts to design a practical roadmap for consolidation of resources and shared services to meet current and emerging program demands. Learn from those who are doing to help you evaluate services in your current operations that may lend themselves to future shared service arrangements. Read more

More Editorial Webcasts

Federal Computer Week eNewsletters

  • Subscribe to Newsletters Subscribe

    Federal Computer Week's eNewsletters deliver the latest policy and management news to your inbox.