Security management in spotlight

As agencies progress in information security, officials are beginning to look at how to ensure security accountability and consistency in leadership.

Security may be the responsibility of all employees within an agency, but attention is focused on the chief information officer. The turnover in that office is a concern for many, officials noted today at a hearing of the House Government Reform Committee's Technology, Information Policy, Intergovernmental Relations and the Census Subcommittee.

"We're trying to drive an awful lot of transformation through the agencies, and these become some of the most stressful jobs.... I'm not quite sure yet how you keep people from burning out," said Mark Forman, administrator of the Office of Management and Budget's Office of E-Government and Information Technology.

This will become more of an issue as the pace of cultural change, driven by e-government, increases. OMB is keeping a close eye on this issue by including it as part of the skills assessments that agencies must submit in September as part of their fiscal 2005 budget requests, Forman said.

Holding agencies accountable for information security is not easy with the revolving CIOs, said Rep. Candice Miller (R-Mich.), the subcommittee's vice chairwoman.

The performance fund that the White House proposed as part of the fiscal 2004 budget — which will reward federal employees at all levels for improved performance — should help with the retention of CIOs, Forman said. He said it also offers an incentive comparable to industry jobs.

However, at the end of the day, "I am the person accountable," Forman said. "Hold me accountable. It helps me hold the agencies accountable."

To ensure congressional oversight beyond the annual reporting required as part of the Federal Information Security Management Act of 2002, the subcommittee sent a request to agencies asking for updated information on their security status by Aug. 1, said Rep. Adam Putnam (R-Fla.), chairman of the subcommittee. The subcommittee will use the information to help issue a follow-up to the security report cards started by former Rep. Stephen Horn (R-Calif.) sometime this fall, Putnam said.