Federal agencies due for information security report cards
Agency grades have averaged a D+ for the past two years
Computerworld - U.S. Rep. Tom Davis (R-Va.), ranking member of the House Committee on Oversight and Government Reform, today is scheduled to release the annual federal computer security report card, which grades the performance of the 24 agencies covered by the Federal Information Security Act (FISMA).
He is also expected to announce a series of new incentives designed to improve security at federal agencies, according to a release posted on the committee's Web site.
Among those scheduled to speak at the committee hearing are Karen Evans, de facto federal CIO and administrator of electronic government and IT at the White House's Office of Management and Budget (OMB). Also speaking will be Lisa Schlosser, CIO of the U.S. Department of Housing and Urban Development, and Bobbie Kilberg, president and CEO of the Northern Virginia Technology Council.
The report card, issued by the Government Reform Committee, is based on security evaluations defined in FISMA. The evaluations are compiled by the committee based on information provided to Congress each year by the inspector general from each agency.
Last year, the federal government scored an overall grade of D+ for the second year in a row. Eight of the 24 agencies, including the Departments of Homeland Security, Defense, State, Energy and the Interior, received failing grades. Among the seven agencies that got at least an A- were the U.S. Department of Labor, the Social Security Administration and the Environmental Protection Agency.
Though the grades are generally perceived as an indication of the security readiness of federal agencies, some in the past have questioned its real value.
For instance, a survey of 30 federal chief information security officers in 2005 by Telos Corp., an Ashburn, Va.-based IT service provider to federal agencies, showed a majority asking for significant improvements in the evaluation criteria used to measure security readiness.
Sixty percent of the CISOs surveyed said the federal report card was a useful indicator of their security preparedness. At the same time, they questioned the value of the report card, noting that agency funding for IT security was not affected by bad grades. Federal CISOs in the survey also expressed concerns about a lack of guidance about security requirements, system definitions and the evaluation methods used by inspectors general to grade agencies.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Gartner Report: A Guide to Gartner's Enterprise Mobile Security Self-Assessment Gartner introduces a model and a Toolkit intended to help mobility and security IT leaders assess their enterprise mobility programs from a security...
- Gartner Report: Containing Mobile Security Risks With the 80/20 Rule IT planners can deliver better mobile protection with higher user satisfaction by segmenting users into risk groups before committing to specific management or...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts