The State Department created the position of enterprise chief information security officer to help address cyber coordination challenges, and Stuart McGuigan, chief information officer at the State Department, said the E-CISO will be responsible for all cybersecurity aspects across the agency, Federal News Network reported Monday.
“Any bureau that maintains their own cyber infrastructure will be responsible to the E-CISO for meeting all required cyber standards,” McGuigan said in an email to the network.
He said the E-CISO will oversee the development and implementation of enterprise information security initiatives, including procedures and policies aimed at safeguarding the department’s communications platforms from external and internal threats.
In an online video provided to FNN, McGuigan said the new E-CISO will be responsible for all cyber oversight and policy activities carried out by the information assurance organization and the deputy CIO for insurance assurance will oversee all cyber operations of the information resource management office and will be renamed deputy CIO for cyber operations.
“These new enhancements will increase transparency throughout IRM’s cybersecurity efforts and strengthen the partnership we have with the Bureau of Diplomatic Security,” McGuigan said in the video.
The department is also establishing the office of global information technology risk within the E-CISO and McGuigan said in a memo to Undersecretary of State for Management Brian Bulatao, “GITR will develop policy, procedures and templates to guide organizations within the department responsible for IT to conduct their own IT risk assessments and report results” to inform the leadership’s decisions for risk management and situational awareness.