Access "Revamped FISMA requirements aim to improve federal security "
This article is part of the June 2011 issue of BYOD means creating a new security game plan in the enterprise
Compliance with the Federal Information Security Management Act of 2002 (FISMA) has long been a thorn in the side of government agencies. Failing grades from the General Accounting Office have been commonplace, leading to increased scrutiny of government security and the state of data security within respective agencies. "FISMA was never implemented by measuring security effectiveness, it was only used to justify wasteful exercises in compliance," says Alan Paller, director of research at the SANS Institute. FISMA, often considered an ineffective paper exercise, has since undergone something of an overhaul. The introduction of an automated reporting tool and mandates for continuous monitoring are aimed at moving agencies beyond data collection to risk management and ultimately, better information security. The road to streamlined FISMA requirements has its challenges, though. CYBERSCOPE In October 2009, seven years after FISMA was enacted and racked up some $40 billion in costs, Federal CIO Vivek Kundra unveiled CyberScope. The automated FISMA reporting tool... Access >>>
Premium Content for Free.
Get actionable results from a security information management system
by Andreas M. Antonopoulos
In order to get the best results, you need to limit your goals for SIM.
Revamped FISMA requirements aim to improve federal security
by Crystal Bedell
An automated tool and mandates for continuous monitoring try to improve federal information security efforts.
- Get actionable results from a security information management system by Andreas M. Antonopoulos
IT consumerization drives new security thinking
by Marcia Savage
The influx of personal smartphones and other computing devices into the enterprise is forcing a shift in security strategy.
Data breaches show enterprise need for better data security management
by Robert Westervelt
Sony and other data breaches suggest need for data accountability, better configuration management.
- IT consumerization drives new security thinking by Marcia Savage
Lack of SMB security opens door to online criminals
by Michael S. Mimoso, Editorial Director
Online criminals have smaller targets firmly in their crosshairs.
Mobility trend takes off in the enterprise but leaves out security
by Chenxi Wang
Banks and other businesses are rushing to jump on the mobility trend but leaving security behind.
Marcus Ranum and Bob Blakley discuss risk management failures
by Marcus J. Ranum, Contributor
Security expert and Information Security magazine columnist Marcus Ranum continues a new bimonthly feature where he goes one-on-one with a fellow security industry insider.
- Lack of SMB security opens door to online criminals by Michael S. Mimoso, Editorial Director
More Premium Content Accessible For Free
Deploying data protection technologies properly requires a lot of time and patience. While most firms can get started by using preconfigured policies...
The bring your own device (BYOD) movement, which has flooded the enterprise with employee-owned smartphones, tablets, phablets and purse-sized ...
For so long penetration testing meant hiring an expert to use skill and savvy to try to infiltrate the company system. But, as with most ...