Re: [ISN] Infosec research bill amended

From: InfoSec News (isnat_private)
Date: Thu May 23 2002 - 02:58:32 PDT


    Forwarded from: Richard Forno <rfornoat_private>
    
    > http://www.fcw.com/fcw/articles/2002/0520/web-cyber-05-21-02.asp
    > 
    > By Diane Frank 
    > May 21, 2002 
    
    > The standards would be "a baseline minimum security configuration
    > for specific computer hardware or software components, an
    > operational procedure or practice, or organizational structure that
    > increases the security of the information technology assets of a
    > department or agency," according to the amendment.
    
    I find it hysterical - and sad - that such a common-sense 'baseline'
    of what is essentially a crack at 'best practices requirements' for
    federal systems was an 'amendment' to a piece of legislation and not
    an original component.
    
    Sort of like an afterthought. These Hill folks *still* don't get it.
    
    > Working through the National Science Foundation and the National
    > Institute of Standards and Technology, the bill would inject more
    > than $900 million into security research, grants, training and
    > education during five years. Such investment is something educators
    > and researchers have often called for in recent years.
    
    Yep, more LONG-TERM projects. What about the HERE and NOW problems we
    already know about?
    
    > However, the committee had no intention to set technology-specific
    > standards that could stand in the way of innovation or new
    > technologies, according to one staff member who asked not to be
    > named.
    
    Good - PKI and smart-cards - while popular and oft-hyped solutions -
    are essentially snake-oil in most of the large deployments I've seen,
    doing little to really, truly, increase the level of effective
    security. However, they could've said something about not using
    certain operating systems and applications until certified truly
    secure and stable than they currently are.  :)  Not surprising they
    didn't, though.
    
    rick
    infowarrior.org
    
    
    