Patrick Howard, a former chief information security officer for two federal agencies, believes that end users or stakeholders are important factors to consider for continuous diagnostics and mitigation strategies.
Howard, a former CISO at the Department of Housing and Urban Development and the Nuclear Regulatory Commission, wrote in an opinion piece for Federal Times published Monday that agencies should include “the human in the equation” to ensure a positive outcome for CDM programs.
“Implementing technology can often be deceptively easy. It’s… how people react and perform when new tools are introduced, disrupting entrenched processes, that can lead to so many problems and technology disuse,” he said.
He noted that agencies should determine who owns or has accountability for the CDM strategy to set specific roles and responsibilities.
They should also customize the CDM tool to fit the needs of a particular customer and direct the prioritization of security issues, which should in turn be channeled to the personnel best suited to address them, Howard wrote.
Finally, he said agencies can also offer training to reinforce new processes and technologies and facilitate a positive response to change.