Security chiefs say they're under siege by administrative tasks

The government's chief information security officers spend most of their time shuffling papers and putting out fires instead of improving the overall security of their systems, according to a recent study by Intelligent Decisions Inc.

The CISO position was established under the Federal Information Security Management Act, but a lack of resources could be undermining the act's goals, the survey suggests. Intelligent Decisions interviewed 25 of the government's 117 CISOs at both large and small agencies.

On average, CISOs said they spend three hours a day on compliance reporting, one hour on troubleshooting and less than an hour on issues such as network monitoring, architecture development and inventory control.

Putting more IT security money into CISOs' hands could help enable strategic efforts to improve security, said Ted Ritter, director of cybersecurity for the Chantilly, Va., company. 'The issue that is keeping them up at night is patch management,' Ritter said.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above