[prev in list] [next in list] [prev in thread] [next in thread]
List: isn
Subject: [ISN] Survey: CISOs worried about mobile data security
From: InfoSec News <alerts () infosecnews ! org>
Date: 2007-08-28 5:17:51
Message-ID: Pine.LNX.4.61.0708280017420.22834 () conundrum ! infosecnews ! org
[Download RAW message or body]
http://www.fcw.com/article103601-08-27-07-Web
By Ben Bain
Aug. 27, 2007
The vast majority of federal chief information security information
officers noted that laptop use has increased in their agencies over the
past year, and more than half said that securing data on mobile devises
is now their primary concern, according to a recent survey of 35 of the
117 federal CISOs.
They are worried that federal teleworkers do not have sufficient data
security training and technology, according to the poll conducted by the
Telework Exchange and underwritten by Hewlett Packard [1].
This is especially true when it comes to "unofficial" teleworkers --
people who work from home at night and on the weekends without going
through an agency's telework program. These individuals are the biggest
threat, according to one quarter of CISOs. In contrast, nine in ten
CISOs said official teleworkers were not a security concern.
63 percent said agencies need to find out who is teleworking and from
where -- and that everyone teleworking should go through the agency
program.
The technology infrastructure, though, is not a problem, the survey.
More than eighty percent also said that their telework-mobile computing
infrastructure did not hinder their ability to meet Federal Information
Security Management Act (FISMA) requirements.
Laptop computers are increasingly an important part of an agency's
enterprise. Although almost three-quarters of survey respondents said
that laptop use had increased between ten and twenty percent last year,
overall just seventeen percent of the CISOs said laptop use was as high
as fifty percent in their agencies.
The ideal would be for all employees to have an encrypted laptop
regardless of whether they primarily telework or not, as well as to
increase training, said Lauren Olsen, a Telework Exchange spokeswoman.
The way we see it over all so many people are mobile, she said. Our
recommendation is to treat everyone as a mobile employee.
CISOs seem to agree. 74 percent of respondents said agencies should
ensure employees get mobile data security training, regardless of
whether they telework or not.
[1] http://www.teleworkexchange.com/cisostudy/CISOStudy.pdf
____________________________________
Attend HITBSecConf2007 - Malaysia
Taking place September 3-6 2007 featuring seven tracks of technical
training and a dual-track security conference with keynote speakers
Lance Spitzner and Mikko Hypponen! - Book your seats today!
http://conference.hitb.org/hitbsecconf2007kl/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic