[ISN] VA to certify project security

From: InfoSec News (isnat_private)
Date: Thu Aug 23 2001 - 02:11:34 PDT

  • Next message: InfoSec News: "[ISN] Report: No slump for security biz"

    By Judi Hasson 
    August 22, 2001 
    The new cybersecurity chief at the Department of Veterans Affairs says
    program managers will be asked to sign a contract certifying that they
    have installed security with every project they build.
    Bruce Brody, the associate deputy assistant secretary for
    cybersecurity, said in an interview Aug. 20 that the new policy is
    necessary because security is one issue that tends to "slip."
    "We are setting in place system security requirements," he said.
    "Theres a lot of independent action going on.... Its the renegades.
    Its the people who can put an uncertified network up there."
    Brody also said new rules for telecommuting would be published for VA
    employees. Not long ago, a worker in the Midwest using a home computer
    transmitted a virus to VA headquarters when he connected to his
    The policy will require workers to use a computer strictly dedicated
    to VA work, he said.
    Writing in the June/July 2001 issue of the VA newsletter, VAnguard,
    Brody said the VA has a long way to go to tighten security.
    VA information systems and networks are "so deficient in basic
    security protections that they represent a material weakness in our
    ability to provide timely, reliable services to those who rely on our
    service," he wrote. "There is also material weakness in our ability to
    protect the confidentiality, integrity and availability of the private
    information we maintain about those people to whom we provide
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 04:43:24 PDT