Re: Government Compliance

[Jeffrey Denton <dentonj () gmail com>]

On 16 Jun 2005 19:09:05 -0000, frank_kenisky () psc uscourts gov
<frank_kenisky () psc uscourts gov> wrote:

. . .

> Information Security within the gov is an oximoron.  Most agency CIO's and CISO's have about as much knowledge of 
> Information Security as the half a sleep rent a cop downstairs checking badges.

That may or may not be true.  The real problem is the lack of control
of the budget.  Those who've worked for the government know that those
who control or can influence the budget have control of what happens. 
Nothing gets the attention of the decision makers faster then knowing
that non-compliance with a new regulation means next years budget
might get cut.  Until "Information Assurance" (the governments buzz
word for computer security) can influence organizations or agencies
budgets, the decision makers are only going to pay it lip service.

The other thing that gets decision makers attention is the possibility
of jail time.  Mishandling of classified material can quickly land
someone in jail.  So, classified systems and networks are locked down
pretty well.  The computers and networks that are connected to the
internet do not process classified information.  So if someone breaks
into a government computer via the internet, it's not going to impact
the decision makers.