Re: [ISN] New opportunities for NIST

From: InfoSec News (isnat_private)
Date: Mon Dec 09 2002 - 00:51:24 PST

  • Next message: InfoSec News: "[ISN] Linux Advisory Watch - December 6th 2002"

    Forwarded from: hugginsat_private
    Start smashing fingers and breaking heads interesting point.  As most
    who read ISN know I believe that we in corporate world and even more
    ineffecient than those in government at least they are evaluated and
    the reports submitted annually to congress and all the world to see.
    Improvements have been made however, until a standard evaluation
    process is developed the scores will fluctuate and failures will
    continue.  I propose that the US no the UN (not to be taken
    seariously) develop a minimum security guidance that all the world
    must meet and report annually to them and the world to see.  I
    guarantee you the major businesses would not even come close to the
    scores given our goverment.  We are critical infrastructures and we
    still leave open holes, and say need instead of must way to often.  
    MY 50 Cents worth.
     Forwarded from: matthew patton <pattonmeat_private>
    >> Federal security could improve if the secretary should decide to make
    >> additional NIST guidance and standards mandatory, but such a decision
    >> could also have drawbacks, said Sallie McDonald, assistant
    >> commissioner for information assurance and critical infrastructure
    >> protection at the General Services Administration. "But you don't get
    >> people's cooperation for the right reasons," and involuntary
    >> compliance could lead to agencies just checking off another
    >> requirement box instead of using the guidelines to improve their
    >> security management, she said.
    > Sure enough. But considering how bad most federal systems are, isn't
    > mandatory compliance with a reasonable set of standards better than the
    > tenuous notion that people should improve their security
    > management based on said guidelines? If the IG's of the world were
    > consistently giving agencies B- or better grades I would have no
    > argument. But as I recall, practically everybody is in the D- or F
    > category. It's time IMO to start breaking fingers and bashing heads.
    > Agencies who have national security impacting systems and who know
    > better are playing fast and careless with security. We ought to be
    > sacking a lot of people, gov't and contractor alike.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Mon Dec 09 2002 - 04:15:47 PST