Federal security misses the mark
Rep. Stephen Horn (R-Calif.) gave the government a D-minus in his first set
of grades issued on the state of agencies' computer security practices.
In issuing the grades Monday, Horn also promised to help agencies get more
money to help improve the security grades, which follow in the steps of his
Year 2000 preparedness report cards.
The grades are based on a self-assessment by each agency or department,
using a six-page questionnaire provided by Horn's staff on the House Reform
Committee's Government Management, Information and Technology Subcommittee.
Those answers were combined with the results of inspector general and General
Accounting Office audits and independent evaluations performed by private-
sector consultants during the past year.
While some agencies under larger departments submitted their own
questionnaires, the committee staff and GAO rolled most into a single,
departmentwide grade from A to F that provides a "snapshot" of each agency's
security posture.
"This report card sets a baseline for future oversight and also serves as a
wake-up call for agencies," Horn said.
Agency officials are just as frustrated as everyone else when it comes to
the slow pace of security improvement, but they are dealing with more complex
issues, as every employee has become a factor in each agency's security, said
John Gilligan, chief information officer at the Energy Department and co-
chairman of the CIO Council's security committee.
"Federal CIOs are not asleep at the wheel," he said.
Horn said he will work with the CIO Council, the Office of Management and
Budget as well as agencies to talk with congressional authorization and
appropriations committees about funding agency security programs and cross-
government initiatives. With a budget surplus projected for the next fiscal
year, now is the time for agencies to lobby to reprogram some of that money for
their security initiatives, Horn said.
"If they're serious, this is the time to get a few million here and there,"
he said.
» posted by ITworld staff
Network World
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
