http://voices.washingtonpost.com/securityfix/2009/04/proposal_would_shore_up_uncle.html

By Brian Krebs
Security Fix
The Washington Post
April 27, 2009

While cyber attacks have evolved dramatically since the beginning of this decade, the regulations governing how federal agencies defend against digital intruders haven't been updated since 2002.

Legislation expected to be introduced Tuesday in the Senate would seek to correct that imbalance. The "U.S. Information and Communications Enhancement Act of 2009," which would update the Federal Information Security Management Act, or FISMA, calls for the creation of hacker squads to test the defenses of federal agency networks. In addition, agencies would be required to show that they can effectively detect and respond to the latest cyber attacks on their information systems.

Critics of the current law say it merely requires agencies to show they have the proper cyber security policies in place, but not necessarily demonstrate that those policies are helping to block or mitigate real-world attacks.

"Only about five federal agencies are testing to see whether they are actually implementing these requirements," said Alan Paller, director of research for the SANS Institute, a security training group based in Bethesda, Md. "Agencies need to be measured on how well they block known attacks, and that's the opposite of what they're measured against now, which is how secure they are on paper."

[...]

--
LayerOne 2009, Information Security for the discerning professional.
May 23-24 2009 @ The Anaheim Marriott in Anaheim, California
Visit http://layerone.info for more information

Received on Mon Apr 27 2009 - 23:12:35 PDT
This archive was generated by hypermail 2.2.0 : Mon Apr 27 2009 - 23:22:34 PDT