The Joke Known As Federal IT Security Oversight
Richard Forno

17 March 2004
Copyright (c) 2004 by Author.  Permission granted to reproduce with credit.

Source w/in-line URLs:

Over the past several years, various Washington entities, from the
General Accounting Office to assorted Congressional committees,
conducted surveys and issued reports on the state of the federal
government's information security posture.  In each case, with few
exceptions, the findings range from the scathing to the downright
embarrassing, and remain essentially unchanged since the mid-1990s.

Like any other issue involving government oversight, this process has
become an annual Washington tradition -- the reports are released;
there's back-and-forth blather in Congress about how we need "to do
more" to secure our federal networks; agency leaders and CIOs are
called to testify on the Hill; some more blather, and perhaps a piece
of legislation is introduced and dies before reaching the floor; and
then the issue recedes into digital memory until next year's survey
results are released -- and the process begins anew, with little or
nothing really changing.

It's no different than our annual visit to the dentist. We know he's
going to admonish us to brush more and cut out the sweets, and we know
that we're going to be embarrassed or uncomfortable as he tells us
this to our face and makes notes in our patient file, but we endure it
year after year, because it's something we have to do for good oral
hygiene.  Of course, we ignore his advice because it's inconvenient
and, besides, candy is a tastier snack than celery.

This seems to be the approach taken by the majority of the federal
government when dealing with the security of federal information

