[ISN] Agencies to get security scores

From: InfoSec News (isn@private)
Date: Wed Dec 03 2003 - 02:12:56 PST


    http://www.fcw.com/fcw/articles/2003/1201/web-fisma-12-02-03.asp
    
    By Sara Michael 
    Dec. 2, 2003
    
    Agencies will soon receive grades for their progress in information
    security.
    
    Congressional representatives plan to release a report card next week,
    grading agencies on their work under the Federal Information Security
    Management Act (FISMA) of 2002, which strengthened congressional
    oversight of security matters.
    
    The report card is intended to raise the visibility of the need for
    strong information security, said FISMA's author, Rep. Tom Davis
    (R-Va.).
    
    "Many times in government do we come out with another mandate and no
    funding to do it? How do you prioritize?" said Davis, chairman of the
    House Government Reform Committee, speaking at an event sponsored by
    the Potomac Forum Ltd. and ICG Government. "This has not risen to the
    level of attention that's needed from senior management."
    
    Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform
    Committee's Technology, Information Policy, Intergovernmental
    Relations and the Census Subcommittee, has been spearheading this
    effort and will release the report card, Davis said. Typical
    weaknesses include a lack of risk assessments, contingency plans, and
    complete certification and accreditation, as well as a failure to fix
    shortfalls found under FISMA's predecessor, the Government Information
    Security Reform Act of 2000, he said.
    
    "I think there's going to be some surprises in it," Davis said of the
    report card. "Some agencies you'd expect to be out on top of this
    thing haven't met it."
    
    Information security will garner attention if there is a massive
    cyberattack that could compromise the economy or homeland security, he
    said. The idea behind FISMA and the report card is to be proactive in
    security management.
    
    "If we continue the way we're going, sooner or later we're going to
    have a major incident," he said. "We're trying to stay ahead of the
    curve."
    
    
    
    


