[ISN] New FISMA looks a lot like old FISMA, survey finds

From: InfoSec News <alerts_at_private>
Date: Mon, 17 Sep 2012 03:26:21 -0500 (CDT)
http://gcn.com/articles/2012/09/13/datapoint-federal-it-security-survey.aspx

By William Jackson
GCN.com
Sept 13, 2012

The most common concern for federal IT security professionals is 
regulatory compliance, according to nCircle’s recently released 2012 
Federal Information Security Initiatives Trend Study.

The results indicate misplaced priorities, said Karen Cummins, nCircle’s 
director of federal markets. “If you pick compliance, that suggests 
we’re a little out of balance,” she said. Agencies are expected to have 
risk-based security policies and controls in place to help counter the 
growing threat of online attacks. But despite changes in the way the 
Federal Information Security Management Act is being implemented, 
success is still being measured by reporting rather than by results.

The Homeland Security Department has been given primary responsibility 
for overseeing FISMA and the emphasis has shifted from periodic 
assessment to continuous monitoring of IT systems. And “continuous 
monitoring” is being replaced by the term “continuous diagnostics and 
mitigation,” which Cummins said better reflects the goals of the 
program. This is to be enabled by automated data streams, which are fed 
to DHS through its Cyberscope reporting system.

Automated data streams can be powerful tools for risk remediation, but 
what is being measured is the ability to report the data to DHS rather 
than its use within an agency. As a result, “the new FISMA looks a lot 
like the old FISMA,” Cummins said.

[...]

Received on Mon Sep 17 2012 - 01:26:21 PDT