With new attention on recent security breaches of federal information systems, President Obama has issued a mandate that these systems undergo an immediate review for cyber security. But federal government agencies face numerous challenges, including the fact that FISMA compliance is often viewed as a time-consuming...
To assure top grades in IT security audits, the National Science Foundation conducts penetration and vulnerability tests before the inspector general conducts its own inspection.
FISMA has been somewhat maligned this year as a paper-pushing law that prompts chief information security officers to file the right documents rather than truly secure the IT they're charged to safeguard. But Gil Vega sees a lot of good in the seven-year-old Federal Information Security Management Act.
The CISO at...
Complying with FISMA requirements can be tough. It's almost always time consuming, costly, and complex, and for some agencies it seems impossible to achieve. A recent GAO congressional report says that most agencies continue to have security weaknesses in major categories of controls. This puts U.S. economic and...
Consequences from cyber attacks aren't as devastating as many Washington insiders maintain, and the way government safeguards critical digital assets should parallel those it uses to defend the physical world, a noted IT expert says.
Larry Kettlewell is Kansas' chief information security officer, but has no direct authority over individual state agencies' implementation of IT security. But Kettlewell isn't without influence. He chairs the state IT Security Council and heads the Department of Information Services and Communication's Enterprise...
Interview with National Science Foundation CIO George Strawn
It's not too often you find an IT leader praising FISMA, but National Science Foundation CIO George Strawn says his agency has made great strides in securing IT by following Office of Management and Budget guidance on the Federal Information Security and...
Jim Harper contends cyber terrorism does not exist, believing it's a creation of politicians, government contractors and pundits who try to make the problem of securing government IT bigger than it really is. Simply, it's a scare tactic.
"Cyber terrorism, in particular, cannot exist," says Harper, director of...
When a consortium of federal agencies and private organizations circulated the Consensus Audit Guidelines among federal agencies earlier this year, the IT security team at the State Department mapped these 20 most critical cybersecurity controls against security incidents reported by State to the Department of...
To get a peek as to how IT security will be measured after FISMA, take a look at what's happening at Foggy Bottom.
The State Department in 2006 instituted its Risk Scoring Program, which is aimed at pinpointing and correcting the worst vulnerabilities on any particular day on any of its worldwide systems and...
FISMA needs fortification because the present approach to federal IT security hasn't fully mitigated the threat to government systems, the Government Accountability Office tells Congress.
Naming a cybersecurity czar, reforming FISMA, securing cloud computing, enhancing cybersecurity R&D and updating the Privacy Act top list of summertime goals.