BreachExchange mailing list archives
5 ways FISMA reform will bolster federal security practices
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Sun, 21 Dec 2014 17:58:53 -0700
http://www.govhealthit.com/news/5-ways-fisma-reform-will-bolster-federal-security-practices

The Federal Information Security Modernization Act (FISMA), passed this month and expected to be signed by President Obama before year's end, aims to bring cybersecurity into the 21st century. FISMA updates the Federal Information Security Management Act of 2002 and promises to give Federal employees, including those working in health-centric agencies such as Health and Human Services, more up-to-date IT tools to diagnose and improve security.

At its passage in 2002, the first FISMA seemed like a cutting-edge reaction to the needs for economic and national security interests of the U.S., requiring federal agencies to develop and document programs to secure their information and systems. That was then and this is now — a new era of Chinese cyberthreats, massive security retail store breaches where millions of customer identities get stolen, and the penetration and defacement of government websites on a semi-regular basis.

Over the years, instead of being viewed as a protector of information from the bad guys, FISMA came to be viewed as an outdated checklist-driven process that forced workers to fill binders with risk assessment paperwork to little effect and great cost. The updated FISMA promises to change the way security is developed and managed in federal government, enabling and pushing agencies to take a proactive approach to information security.

Meritalk, an online community focused on government IT, has listed 5 ways FISMA will affect federal government IT workers' jobs:

1. Less paper-trails: The updated FISMA will compel agencies to replace cumbersome, time-consuming annual checklists with continuous systems monitoring to assure proper security measures.

2. Every data breach must be reported: Agencies must now report information breaches on Federal systems to Congress. With such oversight, organizations will be forced to better understand breaches, and it will be harder to sweep them under the rug.

3. New reforms can come at a faster pace: With FISMA, OMB and the White House won't need to act in a piecemeal fashion to grant DHS the authority to assure the security of Federal civilian agencies. The reform will retain the White House and OMB's overall jurisdiction over Federal government IT security. This allows for sweeping changes that could disrupt agency operations more rapidly than in past years.

4. Greater autonomy, adaptability: Agencies can procure and implement best-of-breed technologies that suit their individual goals. Lawmakers recognized "that the selection of specific technical hardware and software information security solutions should be left to individual agencies from among commercially developed products."

5. Agencies will carry a heavier burden: "It forces them to act rather than just to sit on their heinies," said Alan Paller, founder of the SANS Institute who has long pushed for a change to FISMA, in a Politico report.

No doubt, as new cyberthreats present security problems thus far unanticipated, federal information security managers will look to the updated FISMA for resources and ideas to head them off.
Dataloss Mailing List (dataloss () datalossdb org), archived at http://seclists.org/dataloss/