Getting inspectors general and agencies' IT security heads to agree on how best to evaluate information security should strengthen U.S. federal government agencies' risk management frameworks, say former OMB leaders Karen Evans and Franklin Reeder.
A bill to reform the Federal Information Security Management Act, which is heading to the House of Representatives, delineates the responsibilities for each agency's chief information security officer. Read what they are.
The bill's chief sponsor says agencies struggle with cyberthreats. "This update to FISMA will incorporate the last decade of technological innovation, while also addressing FISMA shortcomings realized over the past years." Rep. Darrell Issa says.
Debate over cybersecurity bills last year coupled with recent, highly publicized attacks have raised the visibility of the threat, and that could push Congress to enact IT security legislation in 2013, White House Cybersecurity Coordinator Michael Daniel says.
As enterprises move more applications to the cloud, continuous monitoring will play a greater role in assuring the software is patched in a timely manner, says John Streufert, DHS director of federal network resilience.
In light of growing threats and the increasing complexity of information technology, organizations must get everyone in the enterprise, especially top leaders, involved in assessing and managing information risk.
Members of the U.S. Congress may be more sensitive to cyberthreats than they were in the past, but that doesn't mean they truly all appreciate the risk key government and private-sector IT systems face, says House Cybersecurity Caucus Co-Chair Jim Langevin.
The individual implementing security - the chief information officer - can't be the same as the person responsible for testing security, conducting audit and reporting on security weaknesses, South Carolina Inspector General Patrick Maley says.
Both candidates have made fleeting references to cybersecurity during the presidential campaign, but neither has addressed the matter in detail. How different would a President Romney be from a second-term President Obama?
CIO Roger Baker concurs with auditor's recommendations, saying the Department of Veterans Affairs has "embarked on a cultural transformation" and that "securing information is everyone's responsibility."
The White House Office of Management and Budget, in its yearly Federal Information Security Management Act report to Congress, gives departments and agencies mixed grades in their efforts to secure federal IT for fiscal year 2011.
NIST's latest guidance adds controls that reflect the rapidly changing computing environment, but the fundamentals of implementing controls haven't changed, Senior Fellow Ross says in a video interview.
White House Cybersecurity Coordinator Howard Schmidt, in an exclusive interview, expresses optimism that Congress could enact significant cybersecurity legislation this year even if President Obama doesn't get all that he wants in an IT security bill.