Guest blog post by Simon Szykman, Chief Information Officer, U.S. Department of Commerce
You missed it! The Department of Commerce's Office of the Chief Information Officer (OCIO) hosted its inaugural Innovating Security Conference to increase knowledge and awareness of various initiatives, exchange information and ideas, and engage in discussions on ways to further protect and strengthen the security posture of the department’s information systems. Facing security threats that are evolving and growing in sophistication, while at the same time anticipating a constrained outlook for the future due to budget pressures, it is imperative for organizations across the department to pursue improvements in both efficiency and effectiveness by examining operations, collaborating on common objectives, improving information sharing, and identifying opportunities to leverage one another’s independent activities.
The two-day conference is one means of moving toward a higher level of efficiency and effectiveness by emphasizing internal collaborations and open dialogue. The conference included participation and invited speakers from Commerce, as well as from other federal agencies and the private sector, in order to leverage their best practices, lessons learned and knowledge in areas related to information system security. In addition to keynote and panel sessions, service offerings of Commerce internal service providers as well as industry vendors were highlighted during the event.
At the conference, tracks highlighted general awareness, operational management, and technical topics. Experts were convened in technical panels for specific areas that included implementing cloud computing, the Risk Management Framework, enterprise logical access controls, and real-time continuous monitoring. Other technical sessions offered information on security and social networking, the future of networking, understanding the risk of personal electronic devices, transitional forensics, and a map of information security policy. Department of Commerce managers were offered sessions that defined their role and responsibility with respect to risk management, understanding the Federal Information Security Management Act (FISMA), technology and security implications for managing a remote workforce, the varied complexities of auditing information systems, security in the supply chain, and the ins and outs of assigning position designations. Many benefited from the additional sessions which provided insight into relevant activities in other federal agencies, including programs such as the General Services Administration's Federal Risk and Authorization Management Program (FedRAMP), the Department of Defense's security certification efforts, and the Office of Personnel Management's perspective on how staff members can plan and position their security careers.
I would be remiss if I didn’t mention the interesting talks aimed at heightening security awareness among a generalist audience. AT&T’s Senior Vice President and Chief Security Officer offered his perspective on the evolving IT and threat landscape and security models, followed later by other talks on mobile device security, identity theft, and protecting government information. A federal intelligence agency provided a briefing on advanced persistent threats which highlighted the importance of keeping the end user continually engaged by making them aware of a variety of threats, notably e-mail based phishing scams.
The conference concluded with an overview of Commerce's IT priorities and vision, outlining our progress moving farther along the path of strengthening risk management at the department, increasing collaboration, deploying real-time continuous monitoring and other new security capabilities, and leveraging tools and knowledge across organizations. The Innovating Security 2011 conference was one of many steps toward these efforts, and toward creating a more efficient and effective government.