List: isn
Subject: [ISN] Improved FISMA scores don't add up to better security,
From: InfoSec News <alerts () infosecnews ! org>
Date: 2009-06-30 5:18:29
Message-ID: Pine.LNX.4.61.0906300018200.29868 () conundrum ! infosecnews ! org

http://fcw.com/articles/2009/06/29/fcw-fisma-metric-change.aspx

By Ben Bain
FCW.com
June 29, 2009

The government's current choice of metrics is partly to blame for the
fact that agencies are reporting improved compliance with security
requirements even while government investigators continue to find
security gaps, auditors say.

Part of the problem is that although the Office of Management and Budget
requires agencies to establish information technology security controls,
the metrics generally do not measure how well those controls are
implemented, according to the Government Accountability Office.

"Developing and using metrics that measure how well agencies implement
important controls can contribute to increased focus on the effective
implementation of federal information security," said Gregory Wilshusen,
director of information security issues at GAO, testifying June 25
before the House Science and Technology Committee's Technology and
Innovation Subcommittee.

Wilshusen said the current metrics probably served a useful purpose when
they were developed because, at that time, many agencies weren't
performing basic security controls. However, he said, it's time to
examine how agencies implement the controls and consider other types of
metrics.

[...]