Implementing and Maintaining a Cybersecurity Program—The Role of Standards
As a chief information security officer (CISO) at a federal agency in the United States, the presenter will provide a practical perspective on the importance of standards as well as the limits of standards. The focus of the presentation is to outline how the speaker will utilize standards to effectively manage resources within his agency to ensure that operations and data are secured. He will also discuss when standards alone are not adequate to effectively design and maintain secure operations. Moreover, the presenter will explore the need for governments and enterprises to view cybersecurity as a public good. Specifically, the open nature of our information technology and telecommunications infrastructures underpins our reliance on secure ecosystems and the need for participants in those ecosystems to maintain secure operations. The adoption and use of cybersecurity and data protection standards help to achieve a common understanding of the minimum requirements participants within these ecosystems must meet to participate.