Information Security News mailing list archives
FISMA: A good idea whose time never came
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 30 Mar 2010 00:33:20 -0600 (CST)
http://gcn.com/articles/2010/03/29/cybereye-032910.aspx By William Jackson Cybereye GCN.com March 29, 2010 A funny thing happened with the Federal Information Security Management Act of 2002. Critics complain that the law has created a "culture of compliance" in which administrators focus on paperwork rather than results. But in spite of this culture, agencies have not achieved real security. "An underlying cause for information security weaknesses identified at federal agencies is that [the agencies] have not yet fully or effectively implemented key elements of an agencywide information security program, as required by FISMA," the Government Accountability Office.s Gregory Wilshusen recently told a House subcommittee. After seven years of progress and congressional report cards, 21 of 24 major agencies reported significant weaknesses in information system controls in 2009, Wilshusen said. If we can't achieve compliance with a culture of compliance, where did we go wrong? [...] ___________________________________________________________ Register now for HITBSecConf2010 - Dubai, the premier deep-knowledge network security event in the GCC, featuring keynote speakers John Viega and Matt Watchinski! http://conference.hitb.org/hitbsecconf2010dxb/
Current thread:
- FISMA: A good idea whose time never came InfoSec News (Mar 29)