By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Security, Legal, Regulatory Compliance, School Safety

Every manager I talk to has a long To Do List and they all say the list is getting longer. Then I ask them a question about their GOT TO DO LIST?  Their responses usually include groans, moans and terribly painful looks on their faces. As I talk to more and more managers and review more and more headlines in the news, it is obvious to me that managers’ GOT TO DO LISTS are becoming more painful by the day. Why are GOT TO DO LISTS getting more painful?  Look at these articles which include lessons learned as well as future challenges: Heartland CEO onRead More →

By:
On:
In: *Connecting the Dots Blog*, Human Resources

A recent story made headlines in The Washington Post, providing an excellent example of how a lack of implementation can lead to embarrassing headlines and illegal and costly results. This story came up because of a previous story The Washington Post (and other media outlets) reported involving Obama officials being invited to intimate dinners at the home of Post publisher Katherine Weymouth, each sponsored at a cost of $25,000. In response to the initial story, White House counsel Greg Craig reportedly sent out an e-mail (megaphone management) with the 9-page White House policy attached that covered dos and don’ts involving gifts, relationships and invitations toRead More →

By:
On:
In: *Connecting the Dots Blog*, Uncategorized

Step 10 is: Build a cybersecurity-based identity management vision and strategy that addresses privacy and civil liberties interests, leveraging privacy-enhancing technologies for the nation. Step 10 is definitely needed.  Step 10 mentions privacy which is generally more about collection and dissemination of sensitive and personally identifiable information (PII) than securing or protecting sensitive information.  Privacy is generally more about People and Processes and security is generally more about Technology; however I think President Obama is smart to mention the need to build an identity management vision and strategy that addresses privacy and civil liberties. I have to say….I am surprised that President Obama has notRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Step 9 of President Obama’s 10-point action plan is: In collaboration with other Executive Office of the President entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions. I love the sound of Step 9!  It is like a great pre-game speech from a well respected coach talking about game-changing strategies and teamwork and relying and trusting each teammate to do their part in their goal to winRead More →

By:
On:
In: *Connecting the Dots Blog*, Incident Reporting, Information Privacy, Information Security, Regulatory Compliance

Step 8 of President Obama’s 10-point action plan is: Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement. Keywords in Step 8 include: Prepare, Initiate, Dialog, Partnership, Streamlining, Aligning, Optimize. Preparing an incident response plan is a great idea and can play a critical role in the success of a cybersecurity action plan, however a lot organizations have incident response plans that are not producing much if any feedback.   Why are traditional response plans not working? Problems with traditional incident response plans lack anonymity on theRead More →

By:
On:
In: *Connecting the Dots Blog*, Business Continuity, Information Security, Risk Management

Step 7 is: Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity. Wow…this is a very complex step when you consider the Cyberspace Policy Review described cybersecurity policy as: cybersecurity policy as used in this document includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missionsRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

Step 6 of President Obama’s Cybersecurity plan is a great idea and it states: Step 6 – Initiate a national public awareness and education campaign to promote cybersecurity. Lessons Learned from national public awareness and education campaigns show that they can work very well with “simple and straightforward” issues such as drunk driving, seat-belts or forest fires.  For example, most of us have heard of “over the limit, under arrest” or “click-it or ticket” or “only you can prevent forest fires”.  But cybersecurity is not “simple and straightforward”. Lessons Learned, experts and reports unanimously agree that cybersecurity related attacks are becoming more and more sophisticatedRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

So the new Cybersecurity Adviser (aka Head Coach) will be announced this week…and as I mentioned previously regarding Step 1 and Step 2, the Head Coach will play a vital role in coordinating people, entities, policies, activities, strategies and ongoing updates as strategies and threats change.  We reviewed how the Head Coach will need to implement an “intelligent playbook” to ensure all appropriate people have access to customized knowledge they need to make better decisions and achieve better results.  The “cybersecurity intelligent playbook” will no doubt need tools that will empower the Head Coach and enable all appropriate personnel to have secure accessibility to theirRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

Part 2 of several to come… Looking over President Obama’s 10-point action plan, there is no doubt that the key to successfully protecting, deterring, preventing, detecting and defending our digital infrastructure and strategic national assets will be the “playbook” and the “execution of the playbook” by all appropriate individuals. Step 1 of the 10-point action plan is to appoint a cybersecurity policy official responsible for coordinating the nation’s cybersecurity policies and activities and coordinate with National Security Council and National Economic Council to coordinate interagency development of cybersecurity- related strategy and policy.  Sounds like a Head Coach and more to me… The Head Coach isRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

Part 1 of several to come… Thank you President Obama! As you probably saw in the news, President Obama presented a 10-point action plan aimed at securing federal government’s critical IT infrastructure. I missed the President’s live press conference that day, so when I returned to the office I found the news story about the President’s 10-point action plan.  There is no doubt that cybersecurity has become a significant concern for government and private organizations too and I wanted to see specifically what President Obama’s 10-point action plan looked like and if it targeted some of the challenges I have seen in my 20+ yearsRead More →