Headquarters USMEPCOM, North Chicago, IL –
The annoyances of entering your PIN multiple times and the removal of the Common Access Card every time you walk away from the computer can pay big dividends to an organization and its members.
Poor cyber security can mean facing pit falls. Under the Department of Defense instruction, the risk management framework requires having an external assessment every three years to ensure systems are up to date and vital information doesn’t fall into the wrong hands.
“The USMEPCOM Cybersecurity Office’s (CSO) mission is to protect the confidentiality, integrity and availability of the Information Systems, networks and data throughout USMEPCOM, while managing a customer-oriented Cybersecurity Program capable of meeting the needs of all USMEPCOM customers,” said Jodie Goss, Cybersecurity Office chief, USMEPCOM.
A security checklist including environmental, physical and personal security controls are used during the triennial assessment. There are 403 controls and 1800 assessment procedures to consider that encompass managerial and technical controls also being monitored. Good cyber security involves asking the questions:
- How do we continue work and operations?
- What equipment do we need?
- Where do we go?
Better cybersecurity includes locking down sensitive documents in a drawer, routine updates for software and bug fixes and ongoing monitoring and policy implementation. It’s not a set it and forget it mentality, it’s lather-rinse-repeat. Especially, in the Information Technology era. It is important to remember the risk management framework and apply it to cyber security and digital functions.
Good cybersecurity focuses on validating compliance, identify vulnerabilities, providing situational awareness of our cyber security posture and ensuring that USMEPCOM can protect against cyber threats.
This is important to the command and its customers (applicants) because USMEPCOM has a duty to protect and defend its systems and data from malicious attacks, hackers and data loss.
“We’d all like to think we’re impenetrable, but it’s not a matter of if, but when will we be compromised,” said Goss. “It’s this command’s responsibility to adhere to the Department of Defense and Department of Army laws, regulations, and policies to ensure protective measures are in place, wherever possible.”
Finally, good cybersecurity is having a good continuity of operations plan (COOP) in place in the event of a situation or worse some type of catastrophe involving a fire or the USMEPCOM offices being swept off to fairyland where staff can organize and keep the business or processing applicants while safeguarding operations and data.
“As we continue to move forward into a paperless, agile, cloud-based environment, it’s crucial to establish risk management and cybersecurity hygiene at the forefront of solution architecting, not at the end,” said Goss.