RE: Government Compliance

["L. Walker" <lwalker () magi net au>]

Comments below.

On 17 Jun 2005 12:59PM, dentonj () gmail com wrote:
> That may or may not be true.  The real problem is the lack of control
> of the budget.  Those who've worked for the government know that those
> who control or can influence the budget have control of what happens. 
> Nothing gets the attention of the decision makers faster then knowing
> that non-compliance with a new regulation means next years budget
> might get cut.  Until "Information Assurance" (the governments buzz
> word for computer security) can influence organizations or agencies
> budgets, the decision makers are only going to pay it lip service.

Is it lack of control with budget, or political pressure to complete
projects on-time instead of ensuring maximum quality for the projects
deliverables?  As many have said, the pressure is on to "pass the buck", so
to speak.

> The other thing that gets decision makers attention is the possibility
> of jail time.  Mishandling of classified material can quickly land
> someone in jail.  So, classified systems and networks are locked down
> pretty well.  The computers and networks that are connected to the
> internet do not process classified information.  So if someone breaks
> into a government computer via the internet, it's not going to impact
> the decision makers.

How so?  Leaked and planted memos and e-mails can hurt political careers.
Just because it's not classified doesn't mean the data isn't important
enough to protect.  Especially when [U.S. Govt.] standards (NIST, etc.)
define how stringent they should be with their security policies.

 - L. Walker