Federal CISOs lack emphasis on internal security breaches
Friday, May 1, 2009
Federal CISOs are most concerned with external attacks on government websites and data security, but lack an appropriate emphasis on the threat of internal security breaches, according to a new report.
Based on a survey of half of federal CISOs, the report by the International Information Systems Security Certification Consortium - referred to as (ISC)2 - found that the government's network security professionals continue to face organizational challenges, including inadequate resources to do the job, undue focus on compliance reporting and unnecessary red tape at the expense of addressing known problems.
Although CISOs are highly motivated, feel they are making some progress and are mostly happy in their roles, the (ISC)2 report said CISOs may underestimate the more serious threat of internal attacks.
Half the CISOs believe the government is "not getting ahead" of the attackers, while the other half believes we "are turning the corner," the survey found.
The report said a compliance culture must be replaced with a risk-management approach to security, yet the CISOs and their overseers in the federal agencies and in Congress have more work to do in educating officials that risks cannot be eliminated, only managed.
