The federal regulations telling agencies how to secure their computer networks are overdue for an overhaul: Even the author of the 2002 law now admits that it needs updating to reflect today’s threats from hackers, viruses and cyber spies. Critics of the Federal Information Security Management Act (FISMA) long have complained that the way it has been implemented often amounts to a massive paperwork exercise. Yet somehow that criticism seems so much more valid when you actually see all of the resulting paperwork piled up one place. John Streufert, the chief information security officer at the U.S. Department of State, told a Senate Homeland Security and Governmental Affairs subcommittee Thursday that the department spent $133 million over the past six years on certification and accreditation (C&A) reports, a process whereby agencies evaluate every three years what defensive security protections are in place to secure federal systems. Streufert said that money
The federal regulations telling agencies how to secure their computer networks are overdue for an overhaul: Even the author of the 2002 law now admits that it needs updating to reflect today’s threats from hackers, viruses and cyber spies. Critics of the Federal Information Security Management Act (FISMA) long have complained that the way it [...]
If you enjoyed this article, please consider sharing it!
