Information Security News mailing list archives
Re: Infosec research bill amended
From: InfoSec News <isn () c4i org>
Date: Thu, 23 May 2002 04:58:32 -0500 (CDT)
Forwarded from: Richard Forno <rforno () infowarrior org>
http://www.fcw.com/fcw/articles/2002/0520/web-cyber-05-21-02.asp
By Diane Frank
May 21, 2002
The standards would be "a baseline minimum security configuration for specific computer hardware or software components, an operational procedure or practice, or organizational structure that increases the security of the information technology assets of a department or agency," according to the amendment.
I find it hysterical - and sad - that such a common-sense 'baseline' of what is essentially a crack at 'best practices requirements' for federal systems was an 'amendment' to a piece of legislation and not an original component. Sort of like an afterthought. These Hill folks *still* don't get it.
Working through the National Science Foundation and the National Institute of Standards and Technology, the bill would inject more than $900 million into security research, grants, training and education during five years. Such investment is something educators and researchers have often called for in recent years.
Yep, more LONG-TERM projects. What about the HERE and NOW problems we already know about?
However, the committee had no intention to set technology-specific standards that could stand in the way of innovation or new technologies, according to one staff member who asked not to be named.
Good - PKI and smart-cards - while popular and oft-hyped solutions - are essentially snake-oil in most of the large deployments I've seen, doing little to really, truly, increase the level of effective security. However, they could've said something about not using certain operating systems and applications until certified truly secure and stable than they currently are. :) Not surprising they didn't, though.
rick
infowarrior.org