Data breach report stirs security pot

[blitz <blitz () strikenet kicks-ass net>]

> http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=42370
>
>
> Data breach report stirs security pot
>
>
> 10/23/06
> By Mary Mosquera,
>
>
> Davis pushes security bill, calls for OMB to step up efforts
>
>
>
>
>
>
> Now that an unflattering report detailing data loss in 19 major agencies is
> public, House Government Reform chairman Tom Davis (R-Va.) is calling for
> action from the administration and Congress.
>
> The recent committee staff report revealed that some agencies were clueless
> as to what happens to personal data in their care. The vast majority of data
> breaches arose from physical theft of notebook PCs, drives and disks, or
> from unauthorized use of data by employees, the report said.
>
> Davis said that next he will take a closer look at agencies with the most
> widespread breaches.
>
> "I'm also intent on reaching out again to those agencies that reported few
> or no incidents. I'm wondering if they simply lack the means to know if
> sensitive information's been compromised," Davis said.
>
> The Office of Management and Budget needs to act more decisively to help
> agencies secure data, he added.
>
> "OMB should begin by clarifying and strengthening their guidance," Davis
> said. OMB, meanwhile, is contemplating its next move.
>
> "We appreciate the recent input of the House Government Reform Committee and
> the inspectors general. We're reviewing these two reports and will use them
> to inform our thinking on potential next steps," said an OMB spokeswoman.
>
> OMB has provided some guidance to agencies to safeguard personal information
> since the May theft of a notebook PC, containing data belonging to millions
> of veterans, from the home of a Veterans Affairs Department employee.
>
> Davis plans to work with OMB to strengthen agency guidance while also
> pushing through Congress legislation that makes that guidance a requirement
> in addition to other steps.
>
> The House recently passed the Veterans Identity and Credit Security Act of
> 2006, which includes legislation that Davis authored. The bill would
> strengthen federal security requirements and provide for notification. Davis
> will offer his legislation as a standalone bill if the Senate does not pass
> the VA security bill when Congress returns next month, he said.
>
> "Whether the legislation is part of the VA bill or separate, I think there's
> consensus that these are steps we need to take, and take now," Davis said.
> Davis worked with Veterans Affairs chairman Steve Buyer (R-Ind.) to craft
> the security bill. Buyer is negotiating with the Senate on the bill, a
> committee spokeswoman said.
>
> As the committee staff report proved and VA found in its own experience, it
> is important that agencies inventory all their IT systems to assess what
> data is at risk and what safeguards must be imposed, Buyer said.
>
> "Agencies need to empower the CIO with authority and responsibility to
> ensure data security compliance," he said.
>
> Following the flood of security breaches this year, Davis and ranking
> Democrat Henry Waxman (D-Calif.) sought summaries from major agencies of
> data breaches in the past three years to provide a governmentwide snapshot
> of data risk.
>
> Federal contractors were responsible for many of the data breaches that
> agencies reported, the report said. Davis wants to reaffirm that the Federal
> Information Security Management Act applies to contractors.
>
> "If necessary, we can amend FISMA to make this even more apparent and
> effective," he said.
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/dataloss
Tracking more than 139 million compromised records in 447 incidents over 6 years.