Cybersecurity Fellow
IBM Center for The Business of Government
United States

Mr. Lainhart was our Cybersecurity Fellow Emeritus and previously was the IBM Global Business Services (GBS) US Public Sector Cybersecurity & Privacy Service Area Leader. He was the Co-chair of the US National Association of Counties (NACo) Cyber Security Task Force. He also served as Co-chair of the COBIT 5 Task Force and Principal Volunteer Advisor for IT Governance, COBIT, ValIT and RiskIT related initiatives. Mr. Lainhart was recognized as the “father” of the Certified Information Systems Auditor (CISA) program. He also co-authored two books on information systems auditing -- System Development Auditor and Computerized Information Systems (CIS) Audit Manual and a National Institute of Standards and Technology special publication on systems development life cycle auditing.

Previously, on November 14, 1993, Mr. Lainhart became an Officer of the U.S. House of Representatives, being appointed the first Inspector General. He was reappointed for the 104th through the 106th Congresses. Unanimously appointed by the Speaker, Majority Leader and Minority Leader, Mr. Lainhart was responsible for conducting periodic audits of the financial and administrative functions of the House and joint entities, and notifying the Speaker, Majority Leader, Minority Leader, and the Chairman and ranking minority member of the Committee on House Administration of the results of the audits conducted. He retired from Federal service on March 31, 1999.

Prior to his service with the House of Representatives, Mr. Lainhart was a member of the Federal Government's Senior Executive Service in the Office of Inspector General (OIG), U.S. Department of Transportation (DOT). He served as the Assistant Inspector General for Policy, Planning, and Resources and was responsible for overall OIG policy and planning for audits, evaluations, and investigations; developing applicable audit, evaluation, and investigative standards and procedures; and providing necessary financial management, administrative, human resources, and information technology support.

Mr. Lainhart also served as Group Director in the Information Management and Technology Division and Human Resources Division, U.S. Government Accountability Office (GAO). As such, he was responsible for performing all information systems audits of Federal programs administered by the Departments of Health and Human Services (including the Social Security Administration), Education, and Labor, and Veterans Affairs. He was also responsible for providing Computer Assisted Audit Techniques (CAATS) assistance to GAO audit staff. In addition, he wrote several GAO audit guides and articles detailing the procedures required to perform audits in the information system environment.

Mr. Lainhart remained very active in the ISACA and the IT Governance Institute, having served as 1984-1985 International President. He was a member of the National Capital Chapter since its inception in 1974. He was a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in the Governance of Enterprise IT (CGEIT), Certified in Risk and Information Systems Controls (CRISC), Certified Information Privacy Professional/Government (CIPP/G) and Certified Information Privacy Professional/US (CIPP/US).

While with GAO, Mr. Lainhart received several awards for innovative computer auditing techniques. While with DOT, Mr. Lainhart was the 1988 Paul R. Boucher Presidential Award winner -- the President's Council on Integrity and Efficiency's highest award; in November 1991, he received the Presidential Rank Award of Meritorious Executive; and in November 1993, he was awarded DOT's Exceptional Service Award. In June 1988, he was awarded the ISACA/F's highest award, the Eugene M. Frank Award for Meritorious Service, and in June 1991 he became the 14th recipient of the ISACA New York Metropolitan Chapter's Joseph J. Wasserman Award. He also received ISACA's 1995, 1996 and 2007 President's Awards. In November 1996 he became the first recipient of ISACA's John Lainhart Common Body of Knowledge Award and in 2012 received his namesake award again for his COBIT 5 leadership. In August 2007, he was awarded an Honorary CPA and lifetime membership to the AICPA. He received the 2008 V. Lee Conyers Award from the ISACA National Capital Area Chapter for outstanding contributions to the IT Assurance, Governance and Security Profession. Also, in October 1994, he was awarded the Navy Commendation Medal.

Mr. Lainhart received a B.A. in Business Administration from Davis and Elkins College and an M.A. in Management and Supervision from Central Michigan University. Mr. Lainhart is a retired Captain in the U.S. Navy.

John Lainhart


Improving IT Security Through Implementing Sound Enterprise IT Governance

In the face of ever-increasing cybersecurity risks, significant attention is being paid toward improving the preparedness and response of agencies to vulnerabilities and threats throughout the public sector.

Achieving enterprise security to support agency services

Increased connectivity has transformed and improved access to government – citizens today can connect with government agencies and leaders in ways that were unimaginable just a few years ago.

How agencies' security efforts can drive economic growth

Understanding the link between cybersecurity, physical assets and economic growth can help the government design an approach that provides both IT and economic security. A cyber incident can have physical impacts, while a physical incident can have cyber implications -- and both are likely to come with economic costs.

To foster a climate in which cyber and physical assets foster economic vitality, both risks must be addressed and technology must be seen as a key player in economic development.

New Report from the IBM Center: A Framework to Improve Management of Cyberspace

This report is the product of a group of experts, which was convened by the Department of Computer Science at the Indiana University of Pennsylvania (IUP). IUP brought together an interdisciplinary panel of experts in national security, international relations, foreign policy, information system network and security, public policy, and computer science. These experts participated in two collaborative roundtable meetings during the first six months of 2014. The report presents results from the roundtable discussions, as well as other research conducted by the author.

IT Governance, Risk Management, Security & Privacy – a Perspective for the C-Suite

Today, more than ever, with the increasing number of cybersecurity attacks on government organizations and threats of data breaches to the privacy of government officials and their staffs, and government contractor staffs, strong IT Governance based on sound IT risk management is critical to restoring confidence in the security and privacy protections provided by our Federal Government. This is no longer purely an IT technology issue but an issue that must be addressed at the top layers of government – from the “overseers” of IT policy (e.g., Office of Management and Budget (OMB), National

A Roadmap for Implementing and Improving IT Governance

As previously discussed, all Federal departments/agencies were charged with establishing an IT Governance program per OMB Memorandum M-09-02.

Creating the appropriate environment for successful adoption of IT Governance that supports improved security

To start, guiding principles can ensure that all staff have a common understanding of the core IT Governance criteria. These guiding principles let staff know that IT Governance is recognized by the C-Suite as critical to the organization’s success, and that IT resources result in maximum effectiveness and efficiency across the organization. It ensures that security is integrated in meeting requirements and delivers benefits set by an organization’s business leaders.

New Organizational Structure Required for an Effective IT Governance Program With Strong Security

This consists of a definition of IT Governance communicated throughout the agency, and the establishment of a new organizational structure to ensure the IT Governance Program is effective and continuously improved. Continuing with the Veterans Affairs Department (VA) example discussed in the previous blog, below is the definition VA developed and a generic discussion of the organizational structure that VA adopted. The VA model provides an excellent example for agencies to consider as they implement IT governance.

Benefits of Effective IT Governance with Strong Security

This post is the fourth in a series on how strong IT Governance can help drive effective security across Federal enterprises. See the first installment. In the first example, a federal agency needed to transform the way it governed and managed IT within the Department. It created three boards: an IT Leadership Board, a Budgeting and Near Term Issues Board, and a Programming and Long Term Issues Board.
