http://www.fcw.com/fcw/articles/2004/1122/web-ciso-11-22-04.asp

By Florence Olsen
Nov. 22, 2004

A survey to be released today cites patch management as the No. 1 concern of chief information security officers in the federal government.

The survey, conducted by O'Keeffe & Co. for Intelligent Decisions, a federal systems integrator, highlights the day-to-day concerns of federal CISOs and the effects that the Federal Information Security Management Act has had on them professionally.

"The fact that they're saying software quality and patch management are way up there in terms of their pain — that's a pretty clear message to the vendor community that we need to figure out how to solve that problem," said Ted Ritter, director for cybersecurity at Intelligent Decisions.

In the survey results, achieving FISMA compliance and avoiding a compromised network tied for second place among the concerns of federal CISOs.

The survey results also showed CISOs spending a large portion of their time on administrative activities related to FISMA compliance, with the burden falling heaviest on those whose average full-time staff size is 2.6 employees.

Federal CISOs who control a budget of less than $500,000 spend 45 percent of their time on FISMA compliance reporting and only 15 percent of their time on network security monitoring and inventory control.

By contrast, CISOs who control a budget of more than $10 million spend 27 percent of their time on FISMA compliance reporting and an equal amount of time on network security monitoring, systems administration and troubleshooting.

The telephone survey was based on interviews with 25 out of 117 federal CISOs.