Challenges in government cyber risk mitigation
George DeLisle, federal sales director at Varonis, discusses the White House’s planned action on cybersecurity, and how industry is interested in reading agency reports on their cyber risks.
The National Security Council says that action on mitigating cyber risks could come from the White House next week. The action would be enforcing an executive order signed last year that outlined how cybersecurity risks should be managed in the federal government. The order holds agency heads accountable for any risks their systems may have, and instructs them to create risk management reports. Industry is eagerly awaiting these reports, so companies can tailor their cybersecurity services to each agency.
“In the Cyber Defense Framework that’s out there today, there’s a lot of language around a least privilege model. People having access to data they should have access to. I want to see them come out with reports and information that shows that ‘I have absolutely started to lock down my networks, George should have access to information that I have a need-to-know for.’” said George DeLisle, federal sales director at Varonis. “There’s work to do inside federal agencies to get that least privilege model put in place, so that we can actually report on who has access to the data, where the data is at, who is [looking at] it.”