In executing an enterprisewide approach to cybersecurity, the Cybersecurity and Infrastructure Security Agency is transforming the way the federal government tackles threats across the nation’s cyber landscape, a top security official said Thursday.
“We try to be very focused on enterprise risks—how can we take action and how can they be tangible, doable actions, not just these things that are high in the sky, complicated and resource-intensive,” CISA’s Assistant Director for Cybersecurity Jeanette Manfra said at a GovernmentCIO cyber forum in Arlington, Va.
Manfra explained that, like most companies, every agency is responsible and accountable for securing its own cyber networks and systems. She said before CISA, the Homeland Security Department and the Office of Management and Budget weren’t thinking of treating all 99 civilian agencies together as an enterprise.
Because of this, decisions weren’t being thought through and officials weren’t effectively considering the significance of shared services between the civilian agencies, or the risk management transfers that accompany one agency hosting other agencies’ data and information. Further, they…
