Federal cyber security oversight slowly moving towards automation

While the information required to be submitted for this fall’s information systems security reporting under the Federal Information Security Management Act (FISMA) hasn’t changed significantly, OMB announced in a memorandum last week that FISMA reports will…

GAO adds to the chorus calling for better security metrics

In a GAO report released last week reflecting testimony delivered to the House subcommittee on Technology and Innovation, GAO’s Greg Wilshusen echoed his own previous testimony and a growing number of congressional voices pointing out that…

Lots of recommendations for new cyber-security czar

Ever since President Obama announced his intention to appoint a federal cyber-security “czar” in the Executive Office of the President, there has been a steady stream of open letters and articles making recommendations for the as-yet-unfilled…

Old security issues keep coming up

In an otherwise unremarkable Washington Post article about the Department of Defense’s plan to create a “cyber-command” run out of the Pentagon, a couple of points raised in the article demonstrate the persistence of some information…

A couple of recommendations for the new cybersecurity czar

As an immediate result of the 60-day review of the state of federal cybersecurity activities conducted at the behest of the Obama administration, the president announced he will (as has been anticipated) appoint a federal cybersecurity…

Balancing prevention and response

The two primary information resources with which most people are familiar for security emergency response are the Computer Emergency Response Team Coordination Center (CERT/CC) at Carnegie-Mellon University’s Software Engineering Institute and the U.S. Computer Emergency Readiness…

A need for more meaningful security testing

The recently released fiscal year 2008 report to Congress on FISMA implementation once again highlights government-wide progress in meeting certain key objectives for their information systems. Among these is the periodic testing of their security controls,…