
SANS Security Trend Line

Not So Happy Fiscal New Year's Eve to Government Security Managers!

Today is the last day of Fiscal 2013 for US federal government folks. This may be one of those years where government folks can stay up late at fiscal New Year's Eve parties, watch the glittery ball drop from the OMB tower, and then sleep in on Tuesday am - the US Government may be shut down as politicians continue their games.

But not to worry - at last week's AFFIRM conference, government CIOs seem to think information security would be considered as critical functions and be funded. From Network World:

'Charles McClam, deputy CIO at the Department of Agriculture, said that mission-critical applications in his organization are housed in data centers around the country, and the employees responsible for keeping them secure are considered exempted personnel, meaning that they would continue to work even in the event of a government shutdown.


"At this juncture I don't see anything that's going to be problematic [with] enterprise security," McClam said here at a government IT conference.


Naeem Musa, CISO at the Federal Energy Regulation Commission, said that his agency contracts much of its security and monitoring activities out to vendors in the private sector, which would be unaffected by a shutdown.'

So, that's good news. But, that just means government security managers have to go back to work and deal with FISMA. According to a recent MeriTalk survey, 86% of government managers think FISMA increases costs while only 53% feel it increases security. That's not good. Realistic, but not good.

The good news is that more than 80% believe continuous monitoring will actually increase security. But, the survey goes on to say that 81% say they already have the systems to continuously monitor security and 75% have the capabilities and resources to keep up with what they will monitor continuously. That made me lose confidence in the survey - if 3 out of 4 government agencies already have the systems, training and resources to do continuous monitoring, why haven't they been doing it?

To explore this, and to help government security managers both understand the challenges of Continuous Monitoring and learn how best to use the DHS Continuous Diagnostics and Mitigation contract to get the technology and resources to do continuous monitoring effectively and efficiently, SANS is hosting a one-day conference in Washington DC on November 6th, free to government employees: "DHS Continuous Diagnostics & Mitigation Award (CDM) Workshop"

More info here.

