[ISN] Agencies need to get creative to save money, meet security requirements

From: InfoSec News (alerts@private)
Date: Wed Nov 08 2006 - 22:13:20 PST


http://www.fcw.com/article96754-11-08-06-Web

By Matthew Weigelt
Nov. 8, 2006

SAN DIEGO - Complying with Office of Management and Budget directives to 
secure agencies sensitive information through encryption and 
multilayered access authentication will be expensive, but agencies 
should look for creative ways to lower the costs, according Justice 
Department officials.

A June OMB memo directed agencies to encrypt all data on remote devices, 
require people to use two identification methods to log onto secure 
networks by remote access and use time limits to prevent sessions from 
staying open and vulnerable indefinitely.

Dennis Heretick, chief information security officer at the Justice 
Department, and Mischel Kwon, director of wireless information security 
in Justices Justice Management Division, agreed that the toughest 
requirement is logging all computer-readable data taken from databases 
holding the sensitive information. Technology to do that, such as the 
Enterprise Data Rights Management, is new and needs more testing.

The two officials, who spoke Nov. 7 at Federal Computer Weeks Government 
CIO Summit in San Diego, said agencies will spend a lot of money to meet 
the requirements.

Kwon offered suggestions, saying agencies should consider who has remote 
access. They should question whether all employees need laptop computers 
or whether certain employees need to work from home. Answering those 
questions can cut costs by eliminating the need to secure unnecessary 
remote access points, she said.

Security is always more than encryption, Kwon said.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Wed Nov 08 2006 - 22:39:41 PST