Tuesday 21 July 2015

(ISC)²®’s Dan Waddell and ICIT Fellows to Present Detailed Analysis of OPM Breach to Legislative Community

One of several key areas of focus will be the role that validation of the cyber workforce plays in preventing future cyber attacks

Alexandria, Va., July 20, 2015 – (ISC)² (“ISC-squared”), the largest not-for-profit membership body of certified information and software security professionals, with nearly 110,000 members worldwide, today announced the contributions of Dan Waddell, CISSP, CAP, PMP, managing director, National Capital Region, (ISC)² director of U.S. government affairs and fellow at the Institute for Critical Infrastructure Technology (ICIT) to the recently published legislative briefing on the OPM breach titled, “Handing Over the Keys to the Castle: OPM Demonstrates that Antiquated Security Practices Harm National Security” and his role in briefing the legislative community on issues pertaining to the cyber workforce.

ICIT, a think tank advising Congress on technology issues facing the government and critical infrastructure sectors, published this detailed analysis to provide insights on several aspects of the breach, including (1) the factors that created a high-risk environment, (2) the confidence we can put in claims attributing the breach to Chinese state-sponsored groups, (3) detailed cybersecurity recommendations that would have prevented the outcomes of the attacks and (4) the impact of the breach on its victims.

ICIT will distribute this brief to members of the House Oversight Committee overseeing the OPM breach hearing, select members of the House and Senate including Cybersecurity Caucus members, federal agency CIOs and select ISACs and sector coordinating councils. Over the course of the next several weeks, Mr. Waddell and other ICIT Fellows will meet with the legislative community and federal agency leaders to present the findings and identify additional areas where research and support are needed. Specifically, Mr. Waddell will provide insight on how validation of the cyber workforce plays a key role in preventing future cyber attacks.

“The OPM breach was a wake-up call for the federal community, that they can no longer selectively comply with the findings of security audits which show security flaws in their network. If Congress, the Executive Branch and agencies can come together to fund and execute a new security paradigm within the government, we are capable today of preventing these incidents and protecting our nation from falling victim to these attacks,” said ICIT Sr. Fellow Parham Eftekhari.

“In the wake of the OPM breach, it is critical for legislators and staff to understand that technology is not the silver bullet. We don’t want to just tack on technology as a knee-jerk reaction to an incident, since there are many other things to consider before tools can be applied,” said Waddell. “An effective security program should be built on the foundation of a trained information security staff. It takes a knowledgeable and experienced workforce to accurately assess risk and to establish security controls that reduce the risk of future incidents.”

About (ISC)²
Formed in 1989, (ISC)² is the largest not-for-profit membership body of certified information and software security professionals worldwide, with nearly 110,000 members in more than 160 countries. Globally recognized as the Gold Standard, (ISC)² issues the Certified Information Systems Security Professional (CISSP®) and related concentrations, as well as the Certified Secure Software Lifecycle Professional (CSSLP®), the Certified Cyber Forensics Professional (CCFP℠), Certified Cloud Security Professional (CCSP℠), Certified Authorization Professional (CAP®), HealthCare Information Security and Privacy Practitioner (HCISPP℠), and Systems Security Certified Practitioner (SSCP®) credentials to qualifying candidates. (ISC)²’s certifications are among the first information technology credentials to meet the stringent requirements of ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)² also offers education programs and services based on its CBK®, a compendium of information and software security topics. More information is available at www.isc2.org. Follow (ISC)² on Twitter @ISC2.

View the original content and more from this author here: http://ift.tt/1GydynT
