A Secure Step in the Right Direction
After years of disparaging reports on the state of IT security in various federal agencies, there's finally some good news.
By Paul Roberts
August 01, 2003 — CSO — We're not out of the woods yet, but we're finally using the bread crumbs as a trail. After years of disparaging reports on the state of IT security in various federal agencies, there's finally some good news. The White House Office of Management and Budget released its "FY 2002 Report to Congress on Federal Government Information Security Reform" in May. The report found that federal agencies have made noticeable progress on a number of governmentwide IT security problems.
In 2002, senior management gave more attention to IT security within federal agencies, and the federal government did a better job of detecting, reporting and sharing information about vulnerabilities. IT security awareness and education among federal employees also showed improvement from 2001.
In addition, the OMB found an increase in the percentage of federal government computer systems that have been assessed for security risk and that have up-to-date IT security plans. It also saw evidence of better bureau oversight and better cooperation between CIOs, inspectors general and senior agency officials.
Despite the encouraging trend, the federal government has much work left on the IT security front, according to the report. Many federal agencies continue to suffer from lingering problems, such as an absence of system-level security plans. In addition, federal agencies are failing to fulfill the requirement to review their IT systems and programs each year and to prioritize their IT purchasing. While the gaps in the federal government's IT security are closing, some holes remain.
Read more about data protection in CSOonline's Data Protection section.
Other stories by Paul Roberts
The challenge of true data protection spans databases, internal and external networks, physical and offsite storage, business partners and more. These resources offer expert perspective from the basics through specific key elements of data protection strategies.
Network security basics
Protection, detection, and reaction—those are the three underlying principles your security program must embody
Computer incident detection, response, forensics
Richard Bejtlich shows how to measure and improve the maturity of your incident response
A few good IT security metrics
Stop counting blocked malware attachments and measure things that can contribute to meaningful change
5 key cloud security trends
Cloud security is evolving rapidly—stay on top of it
IT risk assessment frameworks
How to do end-to-end encryption
How to compare and use enterprise antivirus
Also find sample data protection policies in CSO's tools, templates and policies library
- Introduction to VMware vCenter Site Recovery Manager 5
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Understand Your Data: The Future of Backup and Archiving
- Overcome Top 7 Admin Challenges of Active Directory
- Insiders Can Ruin Your Company. Take Action.
- Top Solutions and Tools to Prevent Devastating Malware
- X-Ray of the PCI Process-4 Proactive Steps
- Streamline Compliance and Increase ROI
- Beyond SFTP: Five Ways Secure Managed File Transfer Can Improve Your Business
CSO Corporate Partners
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
