The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
Federal CISOs face a unique cyber security challenge - copious amounts of regulatory compliance paperwork. At the same time, the Federal government responded to more than 106,000 cyber attacks in 2011 - including cyber exploits that injected viruses, stole information, and disrupted Federal network...
Both candidates have made fleeting references to cybersecurity during the presidential campaign, but neither has addressed the matter in detail. How different would a President Romney be from a second-term President Obama?
Government agencies are confronting an increasingly hazardous IT security environment. To address the growing number of threats, as well as the widespread deficiencies in security controls, the federal government is implementing FISMA 2.0, which emphasizes the need for enterprise-wide continuous monitoring.
The IRS's monitoring of its systems focused mostly on Federal Information Security Management Act and National Institute of Standards and Technology requirements, which aren't intended to assure the integrity of financial reporting, the GAO says.
All government agencies, contractors and organizations that exchange data directly with government systems must be FISMA compliant. This may include such diverse entities as data clearinghouses, state departments and military subcontractors if data is exchanged directly with federal government systems. Coverage may...
CIO Roger Baker concurs with auditor's recommendations, saying the Department of Veterans Affairs has "embarked on a cultural transformation" and that "securing information is everyone's responsibility."
Legislation being drafted by an influential Republican House chairman to reform the Federal Information Security Management Act could, if enacted, reverse Obama administration policy on how IT security is governed in the federal government.
Tackling cybersecurity as a single enterprise, rather than through 26 major and 100-plus smaller departments and agencies, is one of the Obama administration's IT security aims, White House Cybersecurity Coordinator Howard Schmidt says.
The White House Office of Management and Budget, in its yearly Federal Information Security Management Act report to Congress, gives departments and agencies mixed grades in their efforts to secure federal IT for fiscal year 2011.
NIST's latest guidance adds controls that reflect the rapidly changing computing environment, but the fundamentals of implementing controls haven't changed, Senior Fellow Ross says in a video interview.
White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.
The National Institute for Standards and Technology (NIST) recently released new Federal Information System Management Act (FISMA) guidance in two publications. The aim of the new guidance is to help federal agencies develop a continuous monitoring program as part of a risk management framework. It is also supposed to...
Establishing an effective security incident response program is a key component of an information risk management strategy. And NIST has issued draft guidelines to help organizations implement such a program.