Security chiefs say they're under siege by administrative tasks
The government's chief information security officers spend most of their time shuffling papers and putting out fires instead of improving the overall security of their systems, according to a recent study by Intelligent Decisions Inc.
The CISO position was established under the Federal Information Security Management Act, but a lack of resources could be undermining the act's goals, the survey suggests. Intelligent Decisions interviewed 25 of the government's 117 CISOs at both large and small agencies.
On average, CISOs said they spend three hours a day on compliance reporting, one hour on troubleshooting and less than an hour on issues such as network monitoring, architecture development and inventory control.
Putting more IT security money into CISOs' hands could help enable strategic efforts to improve security, said Ted Ritter, director of cybersecurity for the Chantilly, Va., company. 'The issue that is keeping them up at night is patch management,' Ritter said.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.