Web Log news, events, and more

Monday, July 20, 2009

Dusting Off Last Year's Playbook

The US Government Accounting Office (GAO) has once again completed its annual ritual in futility by issuing yet another scathing audit report, ripping agency compliance with the Federal Information Security Management Act (FISMA). This time the report went further, identifying weaknesses in FISMA itself. The GAO said that the information security reporting process as mandated by FISMA does not provide an accurate measure of the effectiveness of agencies' cyber security stance.

Of the report, John Pescatore, noted security wag at Gartner, commented on the SANS News Bytes blog, “This has become an annual exercise: GAO issues a report that highlights the deficiencies found at government agencies' security programs and then everyone bashes FISMA, as if that was the problem. Not once do we see a report that says what is needed to be done to remove obstacles keeping government security managers from making progress.” Marcus Ranum at Tenable Network Security says, “Until there are consequences for failure, government executives will continue to comfortably fail.”

Ranum's comment drives right to the point. California state government is in check with the situation at the Federal government level, except that California doesn’t have a GAO to expose information security issues to daylight. Read more at FCW.
