Forwarded from: Richard Forno <[EMAIL PROTECTED]>

The Joke Known As Federal IT Security Oversight

Richard Forno
www.infowarrior.org
17 March 2004

Copyright (c) 2004 by Author. Permission granted to reproduce with credit.

Source w/in-line URLs: http://www.infowarrior.org/articles/2004-07.html

Over the past several years, various Washington entities, from the General Accounting Office to assorted Congressional committees, conducted surveys and issued reports on the state of the federal government's information security posture. In each case, with few exceptions, the findings range from the scathing to the downright embarrassing, and remain essentially unchanged since the mid-1990s.

Like any other issue involving government oversight, this process has become an annual Washington tradition - the reports are released; there's back-and-forth blather in Congress about how we need "to do more" to secure our federal networks; agency leaders and CIOs are called to testify on the Hill; some more blather, and perhaps a piece of legislation is introduced and dies before reaching the floor; and then the issue recedes into digital memory until next year's survey results are released -- and the process begins anew, with little or nothing really changing.

It's no different than our annual visit to the dentist. We know he's going to admonish us to brush more and cut out the sweets, and we know that we're going to be embarrassed or uncomfortable as he tells us this to our face and makes notes in our patient file, but we endure it year after year, because it's something we have to do for good oral hygiene. Of course, we ignore his advice because it's inconvenient and, besides, candy is a tastier snack than celery.

This seems to be the approach taken by the majority of the federal government when dealing with the security of federal information systems....

< - snip - >

http://www.infowarrior.org/articles/2004-07.html

-
ISN is currently hosted by Attrition.org

To unsubscribe email [EMAIL PROTECTED] with 'unsubscribe isn' in the BODY of the mail.