Information Security News mailing list archives
Re: Davis reinforces security rules
From: InfoSec News <isn () c4i org>
Date: Sat, 9 Mar 2002 03:52:25 -0600 (CST)
Forwarded from: Robert G. Ferrell <rferrell () texas net>
Rep. Tom Davis (R-Va.) introduced a bill March 6 that would update and extend the Government Information Security Reform Act, as members of Congress expressed concern over current legislation.
After a year and a half of scrambling to implement GISRA, here are my observations concerning it:

1. It creates absolute mountains of mostly useless paperwork, which require many person-hours to complete and remove the focus from actual security implementation.
2. It does very little in the way of enforcing real physical security measures.
3. It reduces security to a simplistic formula for auditing purposes.
4. It gives agencies a false sense of having secured their systems, without requiring them to employ adequately trained personnel. It treats network security as a static, rather than dynamic, process.
5. It misses the point entirely.

Congress always thinks that the answer to any problem is to create more reports and a concrete list of people who can be blamed if something goes wrong. The problem with reports is that Congress is largely composed of people who have no chance of being able to understand what the reports mean. They have to be simplified to the point of meaninglessness because the only requirement for being in Congress is winning an election. Bury the problem under paperwork and identify patsies at whom to point fingers when the poorly thought out 'solution' proves to be a dismal failure. Rinse. Repeat.

RGF

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY of the mail.