Wednesday, February 8, 2017

Get ready for more mandatory training!

If you work at DHS (and honestly, probably anywhere in .gov) you should brace yourself for more mandatory training. H.R. 666 (yes, I immediately noticed the irony of that number) has passed the House and is heading to the Senate. It would require that Homeland Security develop awareness programs (read: more mandatory annual training) to help users spot insiders. The bill, of course, does much more than that.

I'm particularly impressed by these two items.  If the legislation passes the Senate, (G) will ensure that by law the Insider Threat Program is informed about current technology and trends.  This is much better than relying on your adviser's BS in IT from ten years ago to steer decisions (sadly, this isn't a hypothetical).

I also like section (H), where metrics are required. As we regularly tell Rendition Infosec customers, metrics are critically important to ensuring program success. Of course, some customers hate metrics, and we get it. They aren't sexy (downright boring in many cases), but they are critical. Effectiveness for an insider program will be difficult to measure, so it will be really interesting to see what metrics DHS selects for the program.
