What are Good Security Metrics?
Jason Miller writes on GCN.com:
“No government agency can say with confidence that the Chinese are not inside all their computers.”More here.
That one comment from Alan Paller, the research director of the SANS Institute of Bethesda, Md., sparked the discussion of how well government agencies secure their IT systems and measure the effectiveness of their cybersecurity controls.
“The Chinese doctrine calls for a cyberattack as part of the next war with the U.S.,” Paller said earlier this week at the Executive Leadership Conference sponsored by the American Council for Technology and the Industry Advisory Council. “Every major nation has a substantial cyberespionage initiative. It does matter that they and terrorist organizations are doing this because we are not doing very well in stopping them.”
Paller said that Congress and the administration pay too much attention to how agencies meet certain aspects of the Federal Information Security Management Act. He said the number of systems certified and accredited, awareness training, configuration management and annual testing don’t go far enough to ensure agency IT systems are secure.
0 Comments:
Post a Comment
<< Home