Congressman Davis and the Chief Information Officers Council
announced at the hearing that they will co-chair a new chief
information security officers exchange to cross-pollinate
ideas between the public and private sectors.
The exchange has not been created in statute and is similar
in nature to the acquisition workforce exchange program,
according to cisoexchange.org, and federal CISOs will be
asked to attend quarterly meetings and contribute to an
annual report on federal IT security priorities and
operational issues.
The site said CISOs would work with leading private sector security
executives “to structure information exchange, education and
cross-pollination of best practices,” and specifically focus
on building a CISO community, framing and creating
“high-value education experiences,” and providing a coherent
voice for the CISO community on operational issues, among
other goals.
FISMA establishes stronger lines of management responsibility
for information security and provides for substantial
oversight by the legislative branch, and Davis said the
exchange would help ensure the act amounts to more than just
a paperwork exercise.
FISMA “provides the agencies with a strong management
framework, but I recognize that it is not a panacea; there
may be a need for amendments to facilitate implementation
of the security concepts that drive FISMA,” he said.