Information security professionals will now have a central place to find all of the most vital information about their job responsibilities in a chief information security officer handbook released by the federal CISO Council June 26.
“A lot of folks were saying ‘there’s a lot of resources out there to help us do our jobs.’ There’s obviously FISMA, the Federal Information Security Management Act, and the successors to that, that highlighted the role of CISOs. But the thing that we found and the thing we consistently heard through the councils was that these resources are in various places. And when you’re onboarding a new employee it would be really great if there was this one-stop shop that would point folks to a single document,” said Trey Kennedy, adviser for the Federal CIO Council, in a press call on the publication.
Kennedy said that the council leaned heavily on what the Department of Homeland Security had defined for information security leadership, as well as a working group of agency CISOs and Office of Management and Budget representatives.
How the CISO fits into an agency's structure will determine how it responds to cyber incidents.
“The handbook will help CISOs embrace risk management practices like the NIST Cybersecurity Framework in the context of legislation, policy and federal guidance,” said Emery Csulak, CISO at the Centers for Medicare and Medicaid Services, in a blog post.
“Breaking the complex conversation of the CISO role and risk management into consumable pieces can only help the community succeed in bringing new talent on board and meeting our mission needs.”
Though the document is ostensibly for federal CISOs, Kennedy said that the plain language design of the handbook could be helpful to all levels of cybersecurity professionals.
“The way we write the handbook and the way we structured it was really around plain language. And we wanted this to be a very clearly written document that you don’t need a deep technical background to understand the elements that are in it,” said Kennedy.
“So whether you’re a seasoned cybersecurity professional who just wants a quick reference guide for elements that are in there, or you’re somebody new to the field, or you’re just a regular employee just trying to understand what your role in cybersecurity is, if you read this, you understand what is out there.”
Clarifying the career potential for IT and cybersecurity workers has been a central part of the White House’s initiatives to expand the cybersecurity workforce within the federal government. According to Kennedy, the handbook can also serve as a recruiting tool by providing a concise reference point for what a cybersecurity career would look like in the federal government.
For the future, the CISO Council plans to develop an interactive version of the handbook that is searchable and manipulatable, according to Kennedy.