In a bid to augment traditional IT security programs in the federal government and corporate America, President Donald Trump has signed an executive order that hopes to foster greater reliance on IT Asset Management (ITAM) principles as America wages its war against cyber attacks.
The move also aims at making cyber security a part of elementary and secondary school curriculums.
Dr Barbara Rembiesa, president and CEO of the International Association of Information Technology Asset Managers (IAITAM), said: “President Trump’s executive order will help create a professional pathway for IT Asset Managers who want to join the fight against the ruthless predators who seek to compromise our data infrastructure.
“The training opportunities that this order promotes will help pull practitioners out of their individual silos and create education opportunities in cyber security beginning in childhood through advanced certification as adults.”
“I’ve said in the past that you cannot secure what you don’t know you have. Before we can have a discussion about the technology necessary to block these cyber security breaches, we first need to identify what we have in our IT inventory.”
Foundational ITAM practices that involve 12 Key Process Areas are part of the core concepts in the seven certification courses IAITAM offers. One of those courses, Certified Asset Management Security Expert (CAMSE), teaches IT Asset Managers how to empower IT security to leverage the knowledge generated by the ITAM program.
That includes understanding what assets an organization has, where they are and how they are being used. With that knowledge, security will come from the power to mitigate risk to the environment.
“The goal is to quantify the IT environment and reduce the complexity of those IT assets, which in turn will reduce the number of opportunities for loss, theft and piracy,” added Rembiesa. “Establishing policies to help simplify the management of those IT assets, educating their users about those policies and keeping open lines of communication with those affected are essential to cyber security success.”
The White House announced in a statement last week that Trump’s order will strengthen the cyber security workforce in the US and help fill more than 300,000 vacancies that risk ‘our critical infrastructure, national defense and modern economy’. The order focuses on promoting STRONG job opportunities and encourages wide adoption of the workforce framework created by the National Initiative for Cybersecurity Education (NICE).
The latest executive order builds on the president’s efforts to protect critical IT infrastructure. Last year, the president released a National Security Strategy that prioritized a strong cyber security workforce. Trump also signed an executive order in 2017 to strengthen the cyber security of federal networks and critical systems.
Meanwhile, the National Institute for Standards and Technology (NIST), which developed the NICE model, also said in its 2018 Framework for Improving Critical Infrastructure Cybersecurity that creating a mature ITAM program that begins with identifying IT assets is the first critical step in developing a plan to combat cyber security issues. A mature ITAM program is one that includes well-established, repeatable best practices and manages IT assets based on exception.
Cyber security issues have dominated information technology headlines internationally during the past decade. A study released in March by Kaspersky Lab found that more than 54% of European organizations said they had experienced a cyber security attack during the past two years, leading to an interruption in their business activities.
That same month, aluminum producer Norsk Hydro was hit by ransomware that shut down global operations. That attack cost the Norway-based company about $50 million, according to recent reports.
Norsk Hydro is hardly alone. Equifax, Target, Home Depot, Subway, Goodwill Industries, JPMorgan Chase, Visa and MasterCard have all had a major cyber security breach in just the past six years. The number of organizations affected by a cyber security issue has become so large that some have argued it would be impossible to include them all.
The White House said in its statement that the president’s most recent order would allow federal workers to temporarily be reassigned to other agencies so they can increase their cyber security expertise. Trump also created a new President’s Cup Cybersecurity Competition and the Presidential Cybersecurity Education Awards. The latter of those will recognize elementary and high school teachers who include cyber security-related content in their classrooms.
Federal agencies will also create cyber security aptitude assessments that they can use to reskill employees and train future talent.