Gregory Wilshusen is director of information security issues at the U.S. Government Accountability Office. He oversees its IT security investigations and audits of federal government agencies and programs. He is a frequent witness before Congressional panels, testifying on government IT security. He discusses the need to offer security training to all end users; the importance of testing policies, procedures and technologies; the urgency of quickly resolving vulnerabilities when they’re identified; the need for testing policies and procedures is critical, he says.”]
Source: https://www.cuinfosecurity.com/building-effective-enterprisewide-security-program-a-11456