As the digital environment rapidly evolves and data security becomes a top concern for federal agencies and industry, protecting data and the applications that rely on secure data requires a comprehensive and continuous focus on cybersecurity, the Consumer Financial Protection Bureau’s (CFPB) chief information security officer said on September 25.
Speaking at the NextGov event on September 25, CFPB CISO Tina Rodrigue emphasized the dynamic nature of cybersecurity, explaining that it is an iterative process that requires continuous vigilance.
“Data security is a means, not a destination,” Rodrigue said, calling for security to be built into every step of product development and maintenance.
“Think about how, through emergence, they can connect and create a whole that is more than the sum of its parts,” Rodrigue said. “We also need to think about how we think about product development and how we consider aspects such as security, zero trust, supply chain, risk management, resilience, and systems thinking. As you develop, you can create a minimum viable product (…) its identity, its logging, its monitoring, its data protection, its availability, all of this.”
In addition to incorporating principles such as zero trust and resiliency into the conceptual and operational stages of cybersecurity planning, Rodrigue emphasized the need for rigorous software testing, including static application security testing (SAST), dynamic application security testing (DAST), external security testing, etc.
Rodrigue also mentioned the importance of third-party security certifications, which are required by the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) to identify weaknesses before they become security risks.
“If we think of every input to a system as a potential source of malware, each point of input can have a cascading effect, much like a river becoming polluted and becoming more concentrated. We can see that there is a letter of certification as well,” Rodrigue said. “Part of what we can determine is where third-party software producers are confident they are doing the right thing, and more importantly, where third-party software producers are confident they are doing the right thing. Where do people lack confidence in their abilities?”
Beyond technology, Rodrigue said cybersecurity is “everyone’s job” and called for continued training and capacity building.
“We ensure our workforce is trained, competent and has the critical thinking necessary to keep resiliency top of mind, and because the risks to data security themselves are dynamic, this is not a one-off review, but an ongoing review that requires repeated reinforcement,” she said.
“It’s difficult, and it’s only going to get more difficult, but once we recognize that cybersecurity is everyone’s job, we can put the cyber smarts and the cyber hearts in the right place,” she said.