Tom Romeo, Maximus’ federal services president, and Dave McClure, Veris Group’s chief strategist, have proposed a number of steps for agencies to address the enterprise security gap in their business processes.
Romeo and McClure wrote in a joint opinion piece for FCW published Friday that agencies need to apply rules, algorithms and models when integrating data security specifications into business process implementation.
“They must also understand how certain business-based rules can address service delivery efficiencies but introduce high risks that essentially compromise security and/or privacy,” they said.
Romeo and McClure noted that recent security breaches indicate “the serious nature of unexamined business rules that drive data access.”
To help close the security gap, the two executives also recommend forging relationships between the business and security teams and understanding their roles.
“Make sure executives understand and support the need for proper security,” they wrote.
Romeo and McClure also suggest consolidating security and privacy impact assessments into the development cycle of digital business processes.
They also highlighted the need to perform risk assessments and continuous monitoring activities that engage business process and security managers, and to enforce evidence-based controls testing.