Forgot your password?
New user?
Document Actions
Leadership and Organization for Information Security
Computer security poses leadership and organizational challenges within government. There is widespread recognition that some national leadership should be designated to ensure that computer security will receive government-wide attention. For purposes of defining responsibilities within government, countries have taken a range of different approaches. Some have placed responsibility for computer security in existing ministries responsible for national security, law enforcement or economic affairs. Others have established inter-ministerial committees managed by an official in the Prime Minister’s office.
The choice of where within government to place cyber security leadership can be significant. For example, the issues surrounding the sharing of information about cyber-security vulnerabilities and when to disclose vulnerabilities to the public require a balancing of interests. Placing responsibility for cyber-security within the defense ministry, which likely has a tradition of national security secrecy, may hamper information sharing and produce a policy that does not sufficiently promote public awareness. Since public-private partnerships can contribute effectively to computer security, leadership for cyber-security may better be placed within an economic affairs agency, in an intergovernmental body under the nation’s chief executive, or in the ministry for ICT.
Mechanisms should be considered that give the office charged with cyber-security leadership the authority to require other ministries and departments to address the security of their own systems. The ultimate power to require ministries to comply with computer security standards may be the authority to disapprove those government agencies’ computer purchases that do not meet security standards. Other less drastic measures include requiring ministries and government agencies to conduct annual cyber-security audits and report the results to the cyber-security office. Whatever structures are chosen, leadership from the office of the president or prime minister will probably be needed to ensure that all departments are taking the issue seriously.
Back to Beginning of Chapter
The choice of where within government to place cyber security leadership can be significant. For example, the issues surrounding the sharing of information about cyber-security vulnerabilities and when to disclose vulnerabilities to the public require a balancing of interests. Placing responsibility for cyber-security within the defense ministry, which likely has a tradition of national security secrecy, may hamper information sharing and produce a policy that does not sufficiently promote public awareness. Since public-private partnerships can contribute effectively to computer security, leadership for cyber-security may better be placed within an economic affairs agency, in an intergovernmental body under the nation’s chief executive, or in the ministry for ICT.
Mechanisms should be considered that give the office charged with cyber-security leadership the authority to require other ministries and departments to address the security of their own systems. The ultimate power to require ministries to comply with computer security standards may be the authority to disapprove those government agencies’ computer purchases that do not meet security standards. Other less drastic measures include requiring ministries and government agencies to conduct annual cyber-security audits and report the results to the cyber-security office. Whatever structures are chosen, leadership from the office of the president or prime minister will probably be needed to ensure that all departments are taking the issue seriously.
Back to Beginning of Chapter