[ISN] Security shifting to enterprise

From: InfoSec News (isnat_private)
Date: Thu Feb 21 2002 - 01:54:03 PST

  • Next message: InfoSec News: "Re: [ISN] Lockstep repairs hacked Web sites with WebAgain"

    By Diane Frank 
    Feb. 20, 2002
    New Office of Management and Budget requirements aimed at better
    showing how agencies are securing individual systems are also
    highlighting how security is changing as agencies focus more on the
    enterprise, Kamela White, an OMB policy analyst, said Feb. 19.
    In the past two years, agencies have had to indicate the percentage of
    security funding included in the budget request for every information
    technology system. This reporting requirement for Exhibit 53, the
    portion of an agency's budget submission that details IT budget
    requests, is intended to get agencies to focus on including security
    in a system's planning.
    Security funding across agencies has risen from $2.7 billion in fiscal
    2002 to $4.2 billion in fiscal 2003. But some of that increase may
    simply be caused by agencies finally complying with the requirement,
    White said at the Digital Government Institute's Capital Planning and
    Control seminar in Washington, D.C.
    "For the '03 budget, all agencies reported IT security costs for all
    their systems, and that was definitely not that case in '02," she
    This demonstrates that the push to get agencies to develop enterprise
    architecture plans and complete capital planning and investment
    control processes is working, White said.
    The focus on enterprise solutions, however, now includes enterprise
    security, including agencywide public-key infrastructures for
    transaction authentication. Such security investments are not tied to
    a particular system, making it hard to work them into the Exhibit 53
    report, one agency official pointed out.
    This enterprise issue came up several times during the evaluations of
    agencies' budget requests, White said.
    Although OMB has not yet developed guidance, agencies should make sure
    to fully explain any such apparent discrepancies in their budget
    documentation, including any methods to prorate enterprise security
    into the requests for specific systems, she said.
    [Related link: http://www.whitehouse.gov/omb/memoranda/m00-07.html ]
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.

    This archive was generated by hypermail 2b30 : Thu Feb 21 2002 - 05:05:50 PST