Nothing easy about security
Information security experts offer no easy answers for agencies trying to improve their security grades.
The maze of requirements imposed by the Federal Information Security Management Act (FISMA) of 2002 has created confusion about interpretation, said Les Cashwell, a security analyst and chief executive officer of Cashwell & Associates, a consulting company. "It's not perfect legislation, but at least it's something," Cashwell said, speaking today in Arlington, Va., at a seminar sponsored by e-Security Inc.
With tongue in cheek, Cashwell offered a graphic depiction of FISMA as a beast with long, sharp teeth and many eyes. Besides doing good, Cashwell said, FISMA created "a lot of bureaucracy and paperwork." Deciding how much detailed security information to report to senior managers is "a huge challenge," he said.
By Florence Olsen at FCW.
[ Read more ]