CIO Council spreads out security
By Diane Frank
Dec 13, 2001
The CIO Council has not de-emphasized information security in its reorganization -- which eliminated the security subcommittee -- but it has made the issue a focal point across its committees and has created teams to address the top areas of weakness regarding homeland security, Jim Flyzik, the council's vice chairman, said Dec. 12.
A dedicated security leader has been named to the three committees under the new structure -- Best Practices, Governmentwide Architecture Framework, and Workforce and Human Capital for IT -- Flyzik said at the "Developing Cyber Security Solutions in the e-Gov Era" conference sponsored by the Information Technology Association of America.
In addition, each of the e-government portfolio management teams, which focus on the 23 cross-agency, e-government initiatives led by the Office of Management and Budget, also has a dedicated security member, Flyzik said.
"This is not de-emphasizing security," he said.
The CIO Council is planning to name an executive committee liaison who will work with the many federal entities involved in information security, such as the Office of Homeland Security, the Federal Computer Incident Response Center, and the National Institute of Standards and Technology, Flyzik said.
The council also is establishing what it is calling "red teams" to look at the issues the group decided were key areas of weakness during a full-day workshop held soon after the Sept. 11 terrorist attacks:
* Lack of senior-level attention to information security.
* Lack of security certification and accreditation of IT systems.
* Failure to install patches for known vulnerabilities.
* Lack of intrusion and incident detection systems.
* Lack of supervision over contractors.
The teams' members will come from the IT, financial, procurement and management areas of government, and will develop recommendations for how to deal with each issue, Flyzik said.