Guest Column | A Full Plate
- By Richard Tracy
- Apr 13, 2006
Federal security teams might need some Alka-Seltzer before 2006 is over. This year promises a full plate of challenges for federal chief information security officers.
Federal Information Security Management Act requirements continue to loom and seem to become only more complicated to manage. Hackers continue to proliferate and grow in sophistication. And as if that weren't enough, federal CISOs need to make room for this year's main course: HSPD-12 and the Oct. 27 deadline, requiring standardized smart cards to verify federal employee and contractor identities for secure access to federal buildings and information systems. The kicker is that there will be no additional budget to satisfy the new guidelines.
How to polish off this seven-course meal? CISOs will need to find innovative ways to free up money and manpower, while also finding proactive approaches to certify and accredit IT systems according to federal and Defense agency regulations.
Automation software tools can help in three areas:
- Asset management: Today's offerings can continuously search for and identify all systems attached to IT networks, giving agencies a comprehensive view of their assets, reducing IT security workloads and allowing CISOs to update and enforce security policies.
- Risk management: Software can incorporate agency- and department-specific definitions of risk into its framework and routinely scan IT security systems to determine, and alert security personnel, if threatening conditions are present, reducing the time needed to identify new vulnerabilities by up to 90 percent.
- Compliance management: New tools can help agencies define and mitigate compliance risks, and generate required reports and documents. FISMA's compliance document can take six months to complete manually, but automation tools can cut that to as little as two weeks.
Even with highly automated security processes, CISOs will have more on their plates than they can handle. Improvements in process automation, however, can help make the job more digestible.
Richard Tracy is chief security officer for Telos.
An expanded, more detailed version of this column can be found on GCN.com.