FISMA fosters fixes on IT security front

Reader Survey

The GCN Reader Survey is intended to provide data on trends and product preferences. This survey on lT security and FISMA is based on a telephone survey of 100 government GCN readers.

The Federal Information Security Management Act, passed in 2002, is now the propelling force behind the government's efforts to improve IT security.

Rank-and-file federal IT managers in a GCN telephone survey were unquestionably feeling the impact of FISMA.

'Our biggest challenge in the next 12 to 24 months is completing FISMA requirements,' said a Social Security Administration IT specialist in Baltimore.

In the survey, 92 percent of managers reported that their agencies are making progress on accreditation and certification, as well as other mandates.

For instance, 91 percent said their agencies had done a full inventory of IT assets, as required by FISMA.

Another 94 percent reported that their agencies had senior information security officers, another FISMA stipulation.

Managers we talked with expressed a variety of concerns about IT security, most naming viruses, worms and hackers as major threats.

'We need to stay on top of malicious codes,' said a computer specialist at the Defense Information Systems Agency in Falls Church, Va.

Viruses and worms

'Software inventors are a threat because viruses and worms can cost us a lot of money, data and recovery time,' said an information systems analyst at the General Accounting Office in Washington.

'Hackers are our biggest security concern,' added an Interior Department IT manager in Salt Lake City.

Managers also identified other sources of security worries, including user carelessness and malevolence.

'Uninformed users keep me up at night,' said a Census Bureau IT specialist in White Plains, Md.

'Unauthorized users gaining access to unattended workstations remain a threat,' said a Postal Service information systems technician in Shreveport, La.

For some, proper training offers the best bet to avert such perils. 'We need to find time to educate our people about security,' said a Bankruptcy Court systems manager in Des Moines, Iowa.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.