Major agencies continue to struggle with implementing the Federal Information Security Management Act, which governs government cybersecurity, more than a decade after its enactment, according to a GAO report.
Former OMB leaders Karen Evans and Franklin Reeder are trying to determine how to improve evaluation of information security within U.S. federal government agencies in an effort to correct current flaws.
Getting inspectors general and agencies' IT security heads to agree on how best to evaluate information security should strengthen U.S. federal government agencies' risk management frameworks, say former OMB leaders Karen Evans and Franklin Reeder.
A bill to reform the Federal Information Security Management Act, which is heading to the House of Representatives, delineates the responsibilities for each agency's chief information security officer. Read what they are.
The latest report to Congress on the implementation of the Federal Information Security Management Act runs 68 pages. But even after reading the entire report, don't be surprised if you can't tell if government IT systems are secure. Here's why.
The bill's chief sponsor says agencies struggle with cyberthreats. "This update to FISMA will incorporate the last decade of technological innovation, while also addressing FISMA shortcomings realized over the past years," Rep. Darrell Issa says.
Debate over cybersecurity bills last year, coupled with recent, highly publicized attacks, has raised the visibility of the threat, and that could push Congress to enact IT security legislation in 2013, White House Cybersecurity Coordinator Michael Daniel says.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
In light of growing threats and the increasing complexity of information technology, organizations must get everyone in the enterprise, especially top leaders, involved in assessing and managing information risk.
Members of the U.S. Congress may be more sensitive to cyberthreats than they were in the past, but that doesn't mean they all truly appreciate the risk that key government and private-sector IT systems face, says House Cybersecurity Caucus Co-Chair Jim Langevin.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audits and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.