The Obama Administration announced changes to the Office of Personnel Management designed to ameliorate the flawed systems and processes that led to a massive data breach in late 2014. The plans -- and the steps taken to get there -- hold lessons for any IT organization.
10 Best Tech Jobs For 2016
(Click image for larger view and slideshow.)
Massive security breaches like the one that occurred at the US Office of Personnel Management (OPM) naturally make headlines. Yet, the steps taken afterward to correct the processes that led to such a situation may be far more interesting to IT professionals than the breach itself.
On January 22, the Obama Administration announced changes in systems and procedures that will be made as a result of the OPM breach, which reportedly occurred in December 2014 and was disclosed last year. The changes reflect what appears to be a systemic top-to-bottom review of what went wrong.
The first notable change is that the Department of Defense (DoD) will assume responsibility from OPM for storing sensitive information on federal employees and others, including those working for government contractors.
Second, the government will create a new entity -- the National Background Investigations Bureau -- to oversee background investigations, a function previously handled by OPM. This bureau will handle some 600,000 investigations annually for new or renewed security clearances. The National Background Investigations Bureau will handle other types of investigations as well, such as those conducted on individuals seeking access to certain government facilities.
The new bureau will be housed within OPM, but the DoD will be responsible for keeping the data secure.
According to Agence France Presse, no timeline for the changes was announced, but officials indicated some of these steps will occur this year.
These changes -- and the steps taken along the way -- serve as an example of the way any organization can react in the wake of a breach:
Review the situation.
Analyze what did not function as it should have.
Leverage resources the enterprise has onboard to the best advantage.
Shake up how things are done functionally if necessary.
Above all, directly deal with the existing problems and find ways to solve them.
The US government has an overall problem with computer security personnel. Analyst Rob Enderle writes on CIO.com that a brain drain from government to the private sector is underway. Cybersecurity experts are being lured by big pay packages from private companies desperately seeking those with applicable security experience.
By transferring data security to the DoD, the government is leveraging an existing, core base of cybersecurity expertise, rather than attempting to build from the ground up within OPM.
Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ... View Full Bio
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
2017 State of IT ReportIn today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.