[ISN] Agencies to get security scores

From: InfoSec News (isn@private)
Date: Wed Dec 03 2003 - 02:12:56 PST

Next message: InfoSec News: "[ISN] Hacker calls police database easy target"

Previous message: InfoSec News: "[ISN] China implements new Wi-Fi security standard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.fcw.com/fcw/articles/2003/1201/web-fisma-12-02-03.asp

By Sara Michael 
Dec. 2, 2003

Agencies will soon receive grades for their progress in information
security.

Congressional representatives plan to release a report card next week,
grading agencies on their work under the Federal Information Security
Management Act (FISMA) of 2002, which strengthened congressional
oversight of security matters.

The report card is intended to raise the visibility of the need for
strong information security, said FISMA's author, Rep. Tom Davis
(R-Va.).

"Many times in government do we come out with another mandate and no
funding to do it? How do you prioritize?" said Davis, chairman of the
House Government Reform Committee, speaking at an event sponsored by
the Potomac Forum Ltd. and ICG Government. "This has not risen to the
level of attention that's needed from senior management."

Rep. Adam Putnam (R-Fla.), chairman of the House Government Reform
Committee's Technology, Information Policy, Intergovernmental
Relations and the Census Subcommittee, has been spearheading this
effort and will release the report card, Davis said. Typical
weaknesses include a lack of risk assessments, contingency plans, and
complete certification and accreditation, as well as a failure to fix
shortfalls found under FISMA's predecessor, the Government Information
Security Reform Act of 2000, he said.

"I think there's going to be some surprises in it," Davis said of the
report card. "Some agencies you'd expect to be out on top of this
thing haven't met it."

Information security will garner attention if there is a massive
cyberattack that could compromise the economy or homeland security, he
said. The idea behind FISMA and the report card is to be proactive in
security management.

"If we continue the way we're going, sooner or later we're going to
have a major incident," he said. "We're trying to stay ahead of the
curve."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] Hacker calls police database easy target"
Previous message: InfoSec News: "[ISN] China implements new Wi-Fi security standard"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Dec 03 2003 - 04:33:23 PST