In response, House Government Reform Committee Chairman, Rep. Tom Davis, and the Federal CIO Council announced the creation of the CISO Exchange, a public-private initiative focused on empowering Federal CISOs to improve Federal government IT security. "The people on the frontlines -- the CIOs, CISOs, and their staff -- have to believe in what they're doing. We need to give them the tools, budget, and training they require," Davis said in a statement announcing the 2004 Federal Information Security Management Act (FISMA) report card grades.
Chairman Davis and the CIO Council will co-chair the CISO Exchange, respectively represented by Melissa Wojciak, staff director of the Government Reform Committee, and Vance Hitch, CIO for the Department of Justice (DOJ).
"The Federal government's D+ grade on computer security is just not good enough," Chairman Davis said.
"The CIO Council is committed to closing the security gap in our Federal agencies," said Vance Hitch, DOJ's CIO and chair of the Cyber Security & Privacy Committee for the CIO Council. "Each CIO will ask their CISO to attend the CISO Exchange programs. We look forward to working with Chairman Davis, CISOs, and private industry to upgrade our Federal IT security performance."
The CISO Exchange will bring together the Federal CISO community with leading private sector security executives to structure information exchange, education, and cross-pollination of best practices. Specifically, the CISO Exchange will focus on building the CISO community, framing and facilitating high-value education experiences, exchanging best practices, providing a coherent voice for the Federal CISO community on operational security issues and fostering information exchange between the public and private sectors on IT security issues.
The exchange will convene quarterly educational meetings, as well as produce an annual report on Federal IT Security priorities and operational issues. The first meeting will take place in May 2005. O'Keeffe & Company, an events and marketing firm, will manage the CISO Exchange.
"The disappointing results on the report cards and the CISO feedback from the Telos study demonstrate that there is a requirement to take a fresh look at the Federal IT security challenge," said Stephen W.T. O'Keeffe, executive director of the CISO Exchange. "The CISO Exchange, co-chaired by legislative and executive leaders, builds community for CISOs and creates a new public-private partnership to drive true progress."
The Federal Information Security Management Act (FISMA) of 2002 (Title III of the E-Government Act of 2002) is the primary legislation governing Federal information security. FISMA expanded upon earlier Federal IT security legislation and added particular emphasis to the management dimension of information security in the Federal government. FISMA establishes stronger lines of management responsibility for information security and provides for substantial oversight by the legislative branch. Under FISMA, Federal agencies are required to designate a lead security executive or CISO.