VA to certify project security

[InfoSec News <isn () c4i org>]

http://www.fcw.com/fcw/articles/2001/0820/web-va-08-22-01.asp

By Judi Hasson 
August 22, 2001 

The new cybersecurity chief at the Department of Veterans Affairs says
program managers will be asked to sign a contract certifying that they
have installed security with every project they build.

Bruce Brody, the associate deputy assistant secretary for
cybersecurity, said in an interview Aug. 20 that the new policy is
necessary because security is one issue that tends to "slip."

"We are setting in place system security requirements," he said.
"Theres a lot of independent action going on.... Its the renegades.
Its the people who can put an uncertified network up there."

Brody also said new rules for telecommuting would be published for VA
employees. Not long ago, a worker in the Midwest using a home computer
transmitted a virus to VA headquarters when he connected to his
office.

The policy will require workers to use a computer strictly dedicated
to VA work, he said.

Writing in the June/July 2001 issue of the VA newsletter, VAnguard,
Brody said the VA has a long way to go to tighten security.

VA information systems and networks are "so deficient in basic
security protections that they represent a material weakness in our
ability to provide timely, reliable services to those who rely on our
service," he wrote. "There is also material weakness in our ability to
protect the confidentiality, integrity and availability of the private
information we maintain about those people to whom we provide
services."
 

   

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.