Return to Article: Government still suffers from information insecurity
-
43871
That's what you get from jumping into something with both feet without careful analysis. I wonder if all the SOA and EA junk being implemented will need to be revisited. That will cost the taxpayers even more -- because of poor analysis, planning, and weak implementation.
-
43810
Seems that too few people understand risks and make the proper assessments. All C&A activities and FISMA are approximations, shortcuts for risk assessments. Even given the easier way out, many folks still put energy into circumventing the process, "gaming the process" as I often say. Those who understand the real risks should have a say in what the security controls should be. Then, hopefully, agencies will become believers and understand that the security requirements are important. ...and as concerns procurements and program development, security experts should be at the table from the very beginning of any procurement discussions. Lastly, if the Government wants the contractors to include security in their bids, then the Government must make security a part of each RFP.
-
43795
This is part of the problem in the misinterpretation of the policies and procedures. The Continuity of Operations Plan (COOP) is the restoration of business functions should a building become inaccessible (i.e., DOJ during flooding). A Contingency Plan (CP) (NIST SP 800-34) refers to restoring a system to its full operational capability.
The above article does not begin to cover the whole story; it would be interesting to see how many agencies have Certified Professionals (CISSP, CISA, CISM) that assisted in acquiring a failing mark. It is the unethical practices of upper management and the sheer misunderstanding of the whole process that gives way to inadequate security measures.
FISMA is a joke, in that the scorecard only lists the Executive Branch. Where are the Judicial and Legislative Branches? FISMA clearly specifies federal agencies and yet only one branch is lame enough to report to the FISMA standards. Why?
The last article in FISMA must be true: 3549. While this subchapter is in effect, subchapter II of this chapter shall not apply.
Are the other two branches exercising this section and not reporting to Congress or OMB on their effectiveness?
If it is desired to fix this problem, try replacing the management levels that are on political agendas and not caring for their own agency benefits.