CISOs take center-stage

The nature of IT security has raised the stakes for and profiles of these players in government technology

Of the myriad executive-level positions that have entered and moved up the organizational charts of government agencies, the chief information security officer (CISO) ranks as one of the newest and, increasingly, one of the most complex.

The CISO job is largely an outgrowth of the Federal Information Security Management Act of 2002, which requires each federal agency to develop a plan for securing the information and systems within its purview and file annual security reports with the Office of Management and Budget.

By 2005, most agencies had created the CISO position to essentially serve as the chief compliance officer for FISMA. The main responsibilities included developing and maintaining an enterprise information security program, certifying that security controls are implemented and working as intended, and serving as the agency’s principal adviser on IT security matters.

But the nature of IT security matters — brought to high alert by episodic breaches and ongoing cyber threats — has raised the stakes for and profiles of these now-pivotal players in government technology. Their job is not just about filing compliance reports anymore.

The typical CISO must now maintain relationships with a range of stakeholders inside and outside the agency, beginning with the chief information officer and IT security operations staff and moving on to facilities managers, privacy officials, disaster recovery and business continuity planners, enterprise architecture working groups, and personnel management departments.

Outside the agency, the CISO works with the CIO Council, OMB, Congress, the National Institute of Standards and Technology, the FBI, the Homeland Security Department and private-sector partners.

All of which further raises the question: What makes a successful government CISO? Do they have the authority and resources they need to tackle the increasing loads they are asked to shoulder? What kinds of skills and attributes now constitute the ideal candidates?

Contributing editor John Moore put these and other important questions to six experts — one former and five current government CISOs — who came together for a virtual roundtable discussion.

Also in this week’s issue, we are pleased to present a small taste of an important new book, “If We Can Put a Man on the Moon: Getting Big Things Done in Government.” The authors, government reform experts William D. Eggers and John O’Leary, say big things start with big ideas, and they offer six tips for generating those ideas.

About the Author

David Rapp is editor-in-chief of Federal Computer Week and VP of content for 1105 Government Information Group.
