Feds' IT Security Performance a Bit Less Dismal

The U.S. government has received the not-so-stellar grade of "C-" in an annual report card on its IT security practices. The good news is that, compared to earlier rankings mandated by the Federal Information Security Management Act, or FISMA, the government has improved its score.

The Department of Homeland Security, for instance, received a "D" for 2006, compared with an "F" in 2005. The Department of Energy pulled its grade up to a "C" from an "F." The agency that made the greatest progress was the Department of Justice, which received an "A-" for 2006, compared to a "D" in 2005.

Not all agencies improved. The Department of Commerce received an "F" for its security processes last year, compared with a "D+" in 2005. NASA, for its part, slid to a "D-" in 2006, compared to a "B-" in 2005.

Accountability and Oversight

Overall, the results are sobering, said Robert Siciliano, author of The Safety Minute: 01 and a consultant whose clients include British Petroleum, KPMG and GMAC.

Not surprisingly, the results have prompted a wave of criticism -- from lack of accountability to lack of standards enforcement -- as well as advice, such as investing in high-level automatic encryption technologies.

Siciliano, for his part, attributes the lax scores to a system that is lacking accountability, training and oversight. Also, security responsibilities have not been part of the traditional mandate of IT staffers, he told the E-Commerce Times.

"Their job has been to ensure that systems are functioning properly," Siciliano said, "so the relationship between security and IT has never been solidified. In the government, they have evolved into two different entities." It has only been in the last few years that there has been a serious drive to join the two.

No Enforcement

Without penalties or incentives linked to FISMA compliance, agencies may not put it at the top of their IT priorities, Mark Zalubas, CTO of Merlin International Federal Research Consortium, a group of Information Assurance application providers, told the E-Commerce Times.

This is not necessarily a sign of incompetence or laziness. It could be that an agency has the resources either to patch a vulnerability in a system or to comply with a FISMA assessment -- but not to do both, he speculated. Obviously, it would choose to meet the immediate need.

Also, the fact that the grades are improving, for the most part, speaks volumes about the federal government's efforts in this area, Zalubas added. "They are heading in the right direction."

Human Behavior

The feds are not immune to making the same mistakes that the private sector makes, Patrick McGregor, president and CEO of BitArmor Systems, told the E-Commerce Times. Recently -- to cite just one example -- the Internal Revenue Service was rebuked for allowing its employees to carry home laptops containing taxpayer information.

For some reason, neither the private nor the public sector has been able to keep employees from loading sensitive data onto their laptops, he said. "It can be a difficult thing to control." For that reason, "the government needs to start encrypting data from the moment it is created to the moment it is destroyed," McGregor advised.

The government needs to spend more on IT security, agreed James Butterworth, director of incident response at Guidance Software. "I think the unifying theme that transcends both government and commercial sectors is that both are undermanned and underfunded in this respect, as well as being too busy with operational mandates," he explained. Automating compliance would go a long way toward preventing many of the security breaches that occur, commented Butterworth.

How Valuable?

Based on security evaluations defined in the 2002 FISMA regulations, the House of Representatives' Committee on Government Oversight and Reform issues the Federal Computer Security Report Card annually.

Many federal chief information security officers have mixed views about FISMA, Merlin International's Zalubas pointed out, citing a survey his firm conducted among these executives about their agencies' Federal Computer Security Report Card grades for 2007. Among its findings: CIOs still struggle with language ambiguities related to the FISMA guidelines. Also, CIOs from large and small agencies hold divergent opinions on the value of the Report Card process.

Source: Erika Morphy, TechNewsWorld

Publication date: 2007/4/18