Letter to the editor
This is in response to an FCW.com survey question that asked "What is the primary obstacle to improving information security at federal agencies?"
The biggest hurdle to improving security is the same hurdle faced with improving any of the other areas of information technology or for implementing any new ideas, such as the 24 e-gov initiatives.
It's not a lack of policy, planning, guidance, strategy or leadership, all of which are nothing more than individuals and committees who pontificate on need and value and provide reams of printed studies and directives. The lack lies in the old-fashioned management of these concepts, whereby these ideas are turned into reality at the agency level.
There is an old expression: my way or the highway. If these ideas are to be successful, this approach needs to be implemented in a fashion that involves picking a pilot, implementing and demonstrating it successfully, and then mandating that agencies and groups either follow the plan or lose their funding.
This would accomplish two goals. First, a pilot would demonstrate that these ideas can be implemented successfully. Second, by mandating that this approach be used or else, agencies and government officials who are resistant would be forced to do something.
All too often the government comes out with bold ideas only to see them die on the vine due to resistance and the belief that if that sooner or later administration objectives and focus will change and they can then get back to business as usual. What gets measured, gets done.
Policy, guidance, leadership and direction does not measure anything. Effective management does.
Jim Brackman Mercury Interactive