[ISN] Survey: CISOs worried about mobile data security

From: InfoSec News (alerts@private)
Date: Mon Aug 27 2007 - 22:17:51 PDT


http://www.fcw.com/article103601-08-27-07-Web

By Ben Bain
Aug. 27, 2007

The vast majority of federal chief information security information 
officers noted that laptop use has increased in their agencies over the 
past year, and more than half said that securing data on mobile devises 
is now their primary concern, according to a recent survey of 35 of the 
117 federal CISOs.

They are worried that federal teleworkers do not have sufficient data 
security training and technology, according to the poll conducted by the 
Telework Exchange and underwritten by Hewlett Packard [1].

This is especially true when it comes to "unofficial" teleworkers -- 
people who work from home at night and on the weekends without going 
through an agency's telework program. These individuals are the biggest 
threat, according to one quarter of CISOs. In contrast, nine in ten 
CISOs said official teleworkers were not a security concern.

63 percent said agencies need to find out who is teleworking and from 
where -- and that everyone teleworking should go through the agency 
program.

The technology infrastructure, though, is not a problem, the survey. 
More than eighty percent also said that their telework-mobile computing 
infrastructure did not hinder their ability to meet Federal Information 
Security Management Act (FISMA) requirements.

Laptop computers are increasingly an important part of an agency's 
enterprise. Although almost three-quarters of survey respondents said 
that laptop use had increased between ten and twenty percent last year, 
overall just seventeen percent of the CISOs said laptop use was as high 
as fifty percent in their agencies.

The ideal would be for all employees to have an encrypted laptop 
regardless of whether they primarily telework or not, as well as to 
increase training, said Lauren Olsen, a Telework Exchange spokeswoman. 
The way we see it over all so many people are mobile, she said. Our 
recommendation is to treat everyone as a mobile employee.

CISOs seem to agree. 74 percent of respondents said agencies should 
ensure employees get mobile data security training, regardless of 
whether they telework or not.

[1] http://www.teleworkexchange.com/cisostudy/CISOStudy.pdf


____________________________________
Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 
http://conference.hitb.org/hitbsecconf2007kl/



This archive was generated by hypermail 2.1.3 : Mon Aug 27 2007 - 22:26:30 PDT