
[ISN] FISMA: A good idea whose time never came

To: isn@infosecnews.org
Subject: [ISN] FISMA: A good idea whose time never came
From: InfoSec News <alerts@infosecnews.org>
Date: Tue, 30 Mar 2010 00:33:20 -0600 (CST)
Organization: InfoSec News - http://www.infosecnews.org/
http://gcn.com/articles/2010/03/29/cybereye-032910.aspx

By William Jackson
Cybereye
GCN.com
March 29, 2010

A funny thing happened with the Federal Information Security Management 
Act of 2002. Critics complain that the law has created a "culture of 
compliance" in which administrators focus on paperwork rather than 
results. But in spite of this culture, agencies have not achieved real 
security.

"An underlying cause for information security weaknesses identified at 
federal agencies is that [the agencies] have not yet fully or 
effectively implemented key elements of an agencywide information 
security program, as required by FISMA," the Government Accountability 
Office's Gregory Wilshusen recently told a House subcommittee.

After seven years of progress and congressional report cards, 21 of 24 
major agencies reported significant weaknesses in information system 
controls in 2009, Wilshusen said.

If we can't achieve compliance with a culture of compliance, where did 
we go wrong?

[...]


