FDIC Information Security and Privacy Strategic Plan: 2018-2021: Goal 3
STRATEGIC GOAL 3
Cultivate a workforce that is prepared to protect the FDIC from existing and emerging threats and challenges.
The FDIC workforce, within OCISO and across the enterprise, is the front-line defense against cybersecurity incidents, breaches, and risks. The FDIC will continue to attract and maintain the highest quality cybersecurity and privacy workforce commensurate with business needs, as well as ensure that best practices and training are shared across the enterprise.
3.1 Implement programs that create an environment to recruit and retain highly effective cybersecurity and privacy professionals.
- Ensure FDIC has a sufficient workforce commensurate with FDIC’s information security and privacy needs.
- Adopt leading practices for recruiting, selecting, and hiring cybersecurity and privacy personnel.
- Partner with appropriate entities within FDIC to identify targeted recruiting efforts to attract highly qualified early career professionals and implement career path opportunities.
3.2 Assess, develop, and implement training for the cybersecurity and privacy workforce throughout FDIC on emerging technology, threats, and federal mandates and guidance.
- Ensure the FDIC’s cybersecurity and privacy workforce has the capabilities and skillsets defined in applicable frameworks, such as the NIST NICE framework.
- Collaborate and communicate with appropriate entities within FDIC to create partnerships with universities, industry groups, and other entities to foster idea exchange, curriculum development, and awareness of leading practices.
- Promote understanding and adoption of enterprise security architecture principles and their application to IT investment and design.
- Develop and implement training plans for the FDIC cybersecurity and privacy workforce.
3.3 Ingrain cybersecurity and privacy within the FDIC culture through communication and collaboration.
- Promote an environment where FDIC personnel are aware and considerate of privacy and information security principles and responsibilities.
- Provide ongoing education, including communication, messaging, and training, for FDIC personnel on secure information practices.
- Establish forums or mechanisms that foster ongoing information exchange and collaboration in sharing and education on emerging areas of privacy or information security.
Risk is managed through a culture of shared responsibility for security and privacy across FDIC supported by a high-quality cybersecurity and privacy workforce balanced with business needs.