He has to overcome all the typical security pitfalls – and he gets to do it all in a bureaucratic fishbowl.<\/p>\n","protected":false},"excerpt":{"rendered":"
It’s not an easy trek, becoming a security manager. But of all the possible security executive jobs out there, none is probably as challenging as the public-sector job.<\/p>\n
The government CSO most likely has climbed his career mountain without a Sherpa or a harness to catch him if he falls. For starters, cultural and situational issues unique to government jobs make for a particularly tough journey for the government CSO. In the US Office of Management and Budget’s 2001 Government Information Security Reform Act report to Congress, for example, six IT security weaknesses in government were identified. They included a lack of attention to IT security by senior management and nonexistent IT security performance measures. In addition, the report cited poor security education and awareness, a lack of fully funded and integrated security, a failure to ensure that contractor services are adequately secure, and a problem with detecting, reporting and sharing information on vulnerabilities.<\/p>\n
Although those weaknesses exist outside the public sector, they are exacerbated in government agencies where procedural problems and incompetent management can inflate them. Government security officers have less control than their civilian counterparts.<\/p>\n
While industry executives are constrained by their budgets, government employees have to buy goods and services from a government-approved list, and they are bureaucratically hampered in their hiring. In the private sector, CSOs answer solely to the executive team. Public-sector CSOs have lists of executives they report to.<\/p>\n
More info: [url=http:\/\/www.cio.com.au\/index.php?id=1487268597&fp=16&fpid=0]http:\/\/www.cio.com.au\/index.php?id=1487268597&fp=16&fpid=0[\/url]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-502","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/502","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=502"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/502\/revisions"}],"predecessor-version":[{"id":2989,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/502\/revisions\/2989"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=502"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=502"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=502"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}