Resources for Federal Information Security Management Act (FISMA)

Cybersecurity chiefs keep a low profile

www.govexec.com

It's a job with little authority and no budget of its own. Few people are aware of the post, or its role in safeguarding millions of Americans' personal information and ensuring the continuity of government. Not every federal agency even has one. When chief information security officers do get attention, it's usually because someone lost or swiped a laptop. In a government populated with countless thankless jobs, the challenges facing cybersecurity managers seem especially daunting.
"Chief information security officers are like offensive linemen in football," says John Pescatore, vice president of the information security practice at Gartner Inc., an IT research and advisory company in Stamford, Conn. "You only know their name when they screw up."
Despite their relative obscurity when all is well, federal information security chiefs have been around in some capacity for the last decade. But they didn't get an official job description until Congress passed the 2002 Federal Information Security Management Act, tasking the Office of Management and Budget and the National Institute of Standards and Technology with honchoing the effort. CISOs report to agency chief information officers, whose top priority these days also is cybersecurity. So why do agencies need CISOs?

View the Resource

Share or bookmarklet this web page at: