Defense Information Systems Agency Risk Management Executive Roger Greenwell highlighted two areas DISA is looking for small business to assist with — leveraging automation and doing a more thorough assessment of their own systems — during a “Leadership in Action” event at the agency’s headquarters Jan. 26.
The Leadership in Action speaker series, sponsored by DISA’s Office of Small Business Programs (OSBP), aims to educate small business representatives about the latest trends and challenges facing the Defense Department, according to a DISA release.
Greenwell provided an overview of the DoD Risk Management Framework, focusing on what is needed to deliver systems with strong security to operate in today’s threat environment.
DISA is seeking assistance with risk management from small businesses, said Greenwell.
“We cannot avoid risk in the department, but we have to be able to manage it,” Greenwell told more than 80 small businesses representatives in attendance.
Greenwell explained the importance of automation and leveraging it in a way that allows DISA to identify security system risk factors, analyze them, and take steps to reduce adverse effects.
“One of my big wishes is how do we get a process that is more automated so we can be able to dig down into some of those bunny trails and figure out, at a more in-depth level, what the security in that system is,” said Greenwell. “If we have tools that help us with the core components through automation, then we can bring more of the human analysis to those results and follow the bunny trails wherever they lead us.”
Greenwell underscored the need to assess systems thoroughly.
“For me, one of the key things I am looking for when a team is building and assessing a system is are they really looking at all the facets of security for that system,” said Greenwell.
“I sometimes have people show me how they met the security requirement. I will ask, ‘Did you test to see whether it did or did not meet this requirement, if a condition changes?’ I will get told, ‘No, that was not listed as a requirement.’”
Small businesses need to look beyond the listed requirements to provide value, he said.
For more information, please email the DISA Office of Small Business Programs or by phone at 301-225-6003.