Latest Executive Order Draft Promotes Risk-Based Approach

March 8, 2017

The latest version of the draft of a cybersecurity executive order from the Donald Trump White House would direct the federal government to take a risk-based approach to IT security and hold cabinet secretaries and agency heads responsible for the security of their organizations’ IT assets.

The draft executive order also would require federal agencies to adopt the National Institute of Standards and Technology cybersecurity framework as well as encourage agencies to employ shared IT services, including those for email, cloud computing and cybersecurity. In addition, the draft proposes modernizing the government’s information technology and IT architecture.

“On balance, it’s a good EO,” says Herbert Lin, a senior research scholar for cyber policy and security at Stanford University’s Center for International Security and Cooperation. Most of the draft is not prescriptive but calls for assessments of various aspects of safeguarding government IT, with reports to be filed by those conducting the appraisals within 60 to 240 days of the signing of the executive order, depending on what’s being examined. “It’s not meant to stop there,” Lin says of the draft executive order. “It’s meant to be the first step. These reports will inform further action.”…

Source: Bank Info Security