Speaking during the Critical Effect cybersecurity conference in Washington, D.C., Kirk Lawrence, CISA’s program manager for its Secure by Design initiative, said that implementing its principles is akin to “locking the front door” when securing a house: a first step.
“It doesn't mean that your place can’t get broken into, that someone can't come steal your stuff, but they [have] to work a little harder now to have a different set of skills,” Lawrence said. “Secure by Design is not the end of risk. It's the start of resilience.”
He specified that threat detection and national coordination efforts are weak spots in the Secure by Design architecture, but it remains “a good first step” in creating a cybersafe ecosystem.
Lawrence also previewed CISA’s ongoing effort to articulate the business benefits of Secure by Design. The core aim of this effort is to give technology project owners talking points they can use to communicate the value of Secure by Design to their organization's C-level executives and garner their support.
“One of the key principles that we've advocated since the beginning is that it's not going to happen unless you have executive buy-in, which is one of the very first steps to having effective Secure by Design,” Lawrence said.
Regarding a deliverable timeline, he estimated that a business case for Secure by Design will be ready within the coming six months.
Lawrence’s comments follow the departure of two former leaders of the Secure by Design initiative, Bob Lord and Lauren Zabierek, in ..