NextGov.com

How secure are your systems?
By Allan Holmes, aholmes@govexec.com   07/09/08

FISMA vs. Security Perspective Test

Ever since Congress passed the 2002 Federal Information Security Management Act to improve the security of federal networks, security analysts and federal information technology managers have complained that the law has failed to make government systems more secure. The reason, they say, is that it is largely a reporting exercise in which agencies must follow certain processes, such as certifying and accrediting systems. What it doesn’t do is require agencies to measure how secure their systems actually are by taking actions such as conducting penetration tests to identify holes in networks that allow hackers in -- and then fixing them quickly.

For those reasons, security analysts say the report cards agencies receive on their compliance with FISMA are meaningless. In fact, Congress and others have charged that FISMA simply hasn't worked.

To begin a dialogue on potentially better ways to measure how secure an agency's systems are, Nextgov and the SANS Institute, a nonprofit cybersecurity research organization in Bethesda, Md., have teamed up on a Web-based tool. It's designed to provide federal officials a means to compare how secure FISMA says their systems are to what professional security analysts would say. As Alan Paller, director of research at SANS, points out, an agency can get an A on FISMA compliance, but receive an F from security analysts on how secure its systems are.

To find out how your FISMA grade stacks up against the grade that a SANS security consultant would give you, we invite you to take the FISMA vs. Security Perspective Test. The first part of the test grades your compliance with certain FISMA requirements. The second measures how well you follow what security analysts say are some of the best practices to secure systems. You'll receive a grade for each test, and at the end you can compare the two.

After taking the test, let us know your opinions about and insights from the test by going to The Forum to discuss your results and those of others. Just follow the link at the end of the test, or go to The Forum by clicking here.

Thanks in advance for participating.
