[iwar] OMB Report Card on Govt Infosec

From: televr (yangyun@metacrawler.com)
Date: 2002-02-15 06:28:17



http://www.omb.gov/inforeg/infopoltech.pdf

02/15/02
Most Federal Agencies Unable To Spot Cyber-Attacks - OMB
By Brian Krebs, Newsbytes
WASHINGTON, D.C., U.S.A.,
14 Feb 2002, 1:06 PM CST

Most federal agencies do not manage their information technology
resources well enough to detect or defeat computer viruses and hacker
attacks, the White House said in a report released Wednesday.

"Far too many agencies have virtually no meaningful system to test or
monitor system activity and therefore are unable to detect intrusions,
suspected intrusions, or virus infections," the OMB said.

In its analysis of security audits conducted at 50 federal agencies
the OMB identified six government-wide security problems, including a
lack of policies and programs in place to detect, report or share
information on security vulnerabilities or attacks.

The report also notes that most employees lack basic awareness or
education about computer security. In addition, few agencies routinely
ensure that contractors meet minimum security requirements and
background checks, the OMB said.

The OMB report found no correlation between the amount each agency
spent on IT security and its overall performance in that arena.

"At this point, there is no evidence that poor security is a result of
a lack of money," the OMB said.

Last year, the federal government spent $2.7 billion on computer
security, out of a total $48 billion in IT investments. This year, the
OMB expects federal agencies will spend roughly double that amount -
$4.2 billion out of a total IT budget of $52 billion.

Under the Government Information Security Reform Act of 2000, agencies
are required to assess and test the security of their non-classified
information systems.

Agencies are graded on the results of penetration testing and overall
security, and the reports are tied to each agency's budget request.

Last year's round of penetration tests showed nearly all federal
agencies earned a grade of "D" or lower for computer security,
prompting the OMB to pledge it would soon begin to kill funding for
projects that consistently fail to meet minimum security requirements.

The lone exception cited in the OMB report was the Department of
Defense, which maintained a consistent record of training employees
and screening IT security contractors, the agency said.






This archive was generated by hypermail 2.1.2 : 2002-12-31 02:15:03 PST