Feeds

US agencies cybersecurity defences are outstandingly mediocre

From Dunce's cap to C- in one bound

Build a business case: developing custom apps

Information security procedures in federal government have improved, albeit modestly. An annual computer security report card on 24 federal agencies released Thursday rated average security at "C-minus for 2006 compared to D+ in 2005.

So instead of been sent to bed without their pork supper, Federal IT managers have earned a pat on the head, if not a generous end of term present. The scores are based on reports submitted in response to the Federal Information Security Management Act of 2002 (FISMA).

Perennial security underachievers the US Department of Homeland Security received its first-ever non-failing grade, managing to pull its performance up from an F to a D, the first time since the scheme began in 2003 that it didn't flunk.

Although overall security procedures improved the Department of Defense (DoD) recorded a failing F grade. Meanwhile the Department of Veterans Affairs - whose loss of laptops containing veterans' confidential data triggered a huge security breach - failed to submit a report. The Nuclear Regulatory Commission, another agency that has trouble keeping track of its PCs, flunked. On a brighter note, the DoJ picked up an A- while the Social Security Administration rated an A.

The reports are overseen by the House Government Reform Committee, the well-spring of the FISMA laws. Although supporters of the law say it provides an incentive for improving security controls critics (including government IT managers) say the audit is more about fulfilling compliance requirements than reducing exposure to information security risks. Security industry observers also criticise the lack of remedial action, or indeed consequences of any type, that result from agencies receiving a failing grade. ®

The smart choice: opportunity from uncertainty

More from The Register

next story
You! Pirate! Stop pirating, or we shall admonish you politely. Repeatedly, if necessary
And we shall go about telling people you smell. No, not really
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK Parliament rubber-stamps EMERGENCY data grab 'n' keep bill
Just 49 MPs oppose Drip's rushed timetable
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
US judge: YES, cops or feds so can slurp an ENTIRE Gmail account
Crooks don't have folders labelled 'drug records', opines NY beak
Delaware pair nabbed for getting saucy atop Mexican eatery
Burrito meets soft taco in alleged rooftop romp outrage
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.