Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Tuesday, July 18, 2006

Breach rules toughened for federal agencies

The White House’s Office of Management and Budget instructed U.S. federal agencies to alert the US-CERT within one hour to any breach involving personally identifiable information, even if the possibility of a breach is only suspected.  Another memo (PDF), dated 15th July, required that government agencies report any computer systems missing from their inventory and outline the results of an investigation into handling of personally identifiable information within their agency.  The latest memos clarify the obligation of federal agencies under the Federal Information Security and Management Act (FISMA) of 2002, under which agencies get graded on their security postures.

In May, the Department of Veterans Affairs revealed that the names, social security numbers and birth dates of nearly 26.5 million veterans had been stored on a laptop and external hard drive that were stolen from an employee’s home.

Last year, the U.S. government received an average grade of D+ for computer security.

Posted on 07/18