Feeds

US agencies cybersecurity defences are outstandingly mediocre

From Dunce's cap to C- in one bound

Internet Security Threat Report 2014

Information security procedures in federal government have improved, albeit modestly. An annual computer security report card on 24 federal agencies released Thursday rated average security at "C-minus for 2006 compared to D+ in 2005.

So instead of been sent to bed without their pork supper, Federal IT managers have earned a pat on the head, if not a generous end of term present. The scores are based on reports submitted in response to the Federal Information Security Management Act of 2002 (FISMA).

Perennial security underachievers the US Department of Homeland Security received its first-ever non-failing grade, managing to pull its performance up from an F to a D, the first time since the scheme began in 2003 that it didn't flunk.

Although overall security procedures improved the Department of Defense (DoD) recorded a failing F grade. Meanwhile the Department of Veterans Affairs - whose loss of laptops containing veterans' confidential data triggered a huge security breach - failed to submit a report. The Nuclear Regulatory Commission, another agency that has trouble keeping track of its PCs, flunked. On a brighter note, the DoJ picked up an A- while the Social Security Administration rated an A.

The reports are overseen by the House Government Reform Committee, the well-spring of the FISMA laws. Although supporters of the law say it provides an incentive for improving security controls critics (including government IT managers) say the audit is more about fulfilling compliance requirements than reducing exposure to information security risks. Security industry observers also criticise the lack of remedial action, or indeed consequences of any type, that result from agencies receiving a failing grade. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.