“In executing an enterprisewide approach to cybersecurity, the Cybersecurity and Infrastructure Security Agency is transforming the way the federal government tackles threats across the nation’s cyber landscape, a top security official said Thursday…”
“Manfra explained that, like most companies, every agency is responsible and accountable for securing its own cyber networks and systems. She said before CISA, the Homeland Security Department and the Office of Management and Budget weren’t thinking of treating all 99 civilian agencies together as an enterprise.”
“Because of this, decisions weren’t being thought through and officials weren’t effectively considering the significance of shared services between the civilian agencies, or the risk management transfers that accompany one agency hosting other agencies’ data and information. Further, they started to see that the connectedness of agencies’ IT infrastructures allowed adversaries to work through indirect entities to target a specific agency they aimed to exploit…”
“Manfra also highlighted what she views as some of the agency’s impactful accomplishments since it was elevated over the last few years. She noted that some of CISA’s other efforts also encompassed the agency’s unique enterprise-based approach…”
“And CISA is also working to improve agencies’ email, communication and web security. In the past, she said independent auditors found that federal websites were, on average, the least secure across the internet.” Read the full article here.
Source: CISA Explains Why Enterprise Approach To Security is Gamechanging – By Brandi Vincent, July 19, 2019. Nextgov.