A cyber handbook for the c-suite exec and rank-and-file fed
- By Derek B. Johnson
- Jun 29, 2018
Two tech advisory bodies to the government have developed a new guidebook to train and educate federal cybersecurity professionals.
The CISO Handbook, released June 26, is an outgrowth of the recently released President's Management Agenda and its call for agencies to tackle their tech and cybersecurity workforce challenges.
Drafted by the CIO and Chief Information Security Officer Councils, it was designed to appeal both to the C-Suite executive as well as the rank-and-file fed, according to Trey Kennedy, an analyst at the General Services Administration and advisor to the CIO Council.
"The way we wrote the handbook and the way we structured it was really based around plain language….you don't need a deep technical background to understand elements of it," said Kennedy on a June 28 call with reporters.
The document lays out the role that both CISOs and CIOs play in executing out the federal government's cybersecurity mission, outlines best practices around agency risk management and offers guidance around cybersecurity workforce challenges and development, hiring authorities and how to build a team of cyber professionals.
Kennedy said that the councils determined at the outset of the project that with a range of laws and statutory guidance on federal cybersecurity roles already available, agencies would benefit more from an aggregation of best practices from existing resources, such as those offered through National Institute for Standards and Technology's Cybersecurity Framework, the Department of Homeland Security and various presidential executive orders.
"One of the things we consistently heard throughout the councils is that these resources are in various places and when you're onboarding a new employee, it would be really great if there was…a single document [to] say, 'Look, this may not be the totality of the universe, but it gets you that foundational knowledge,'" said Kennedy.
Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.
Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.
Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at firstname.lastname@example.org, or follow him on Twitter @derekdoestech.
Click here for previous articles by Johnson.