http://www.fcw.com/article103601-08-27-07-Web By Ben Bain Aug. 27, 2007 The vast majority of federal chief information security information officers noted that laptop use has increased in their agencies over the past year, and more than half said that securing data on mobile devises is now their primary concern, according to a recent survey of 35 of the 117 federal CISOs. They are worried that federal teleworkers do not have sufficient data security training and technology, according to the poll conducted by the Telework Exchange and underwritten by Hewlett Packard [1]. This is especially true when it comes to "unofficial" teleworkers -- people who work from home at night and on the weekends without going through an agency's telework program. These individuals are the biggest threat, according to one quarter of CISOs. In contrast, nine in ten CISOs said official teleworkers were not a security concern. 63 percent said agencies need to find out who is teleworking and from where -- and that everyone teleworking should go through the agency program. The technology infrastructure, though, is not a problem, the survey. More than eighty percent also said that their telework-mobile computing infrastructure did not hinder their ability to meet Federal Information Security Management Act (FISMA) requirements. Laptop computers are increasingly an important part of an agency's enterprise. Although almost three-quarters of survey respondents said that laptop use had increased between ten and twenty percent last year, overall just seventeen percent of the CISOs said laptop use was as high as fifty percent in their agencies. The ideal would be for all employees to have an encrypted laptop regardless of whether they primarily telework or not, as well as to increase training, said Lauren Olsen, a Telework Exchange spokeswoman. The way we see it over all so many people are mobile, she said. Our recommendation is to treat everyone as a mobile employee. CISOs seem to agree. 74 percent of respondents said agencies should ensure employees get mobile data security training, regardless of whether they telework or not. [1] http://www.teleworkexchange.com/cisostudy/CISOStudy.pdf ____________________________________ Attend HITBSecConf2007 - Malaysia Taking place September 3-6 2007 featuring seven tracks of technical training and a dual-track security conference with keynote speakers Lance Spitzner and Mikko Hypponen! - Book your seats today! http://conference.hitb.org/hitbsecconf2007kl/
This archive was generated by hypermail 2.1.3 : Mon Aug 27 2007 - 22:26:30 PDT