There was an interesting short article from the Government Computer News today, “CISO leaving Commerce for GAO.”
“Nancy DeFrancesco, the Commerce Department’s Chief Information Security Officer, is leaving the department to return to the Government Accountability Office. She will serve in GAO as an assistant director for security on the watchdog agency’s Information Technology team, the same position she held before going to Commerce in April 2002. In May 2006, DeFrancesco convinced Commerce officials to establish an education and training program for its information security professionals. The department awarded a contract to (ISC) 2 Inc. of Palm Harbor, Fla., to provide courses for employees to earn designations as Certified Information Systems Security Professionals (CISSP), System Security Certified Professionals (SSCP) and Certification and Accreditation Professionals (CAP). DeFrancesco declined to comment on her reasons for returning to GAO.”
Well, it is not unusual for people to go back to the same employer they used to have, and it has been almost 5 years since she left the GAO. I thought the statement indicating she awarded a contract for awareness and training to (ISC)2 was odd, though. It’s a good thing to have well trained and certified information security professionals. Was it the choice of the trainer that prompted this factoid? Or, was this the only action of significance during her tenure?
Good luck to Ms. DeFrancesco at the GAO; hopefully they will start to contribute to instigating more enforcement activities for currently un-enforced laws.
Tags: awareness and training, government, Information Security, IT compliance, policies and procedures, privacy