Information Security News mailing list archives

Re: New opportunities for NIST


From: InfoSec News <isn () c4i org>
Date: Mon, 9 Dec 2002 02:51:24 -0600 (CST)

Forwarded from: huggins () airmail net

Start smashing fingers and breaking heads: interesting point.  As most
who read ISN know, I believe that we in the corporate world are even
more inefficient than those in government; at least they are evaluated,
and the reports are submitted annually to Congress and all the world to
see.  Improvements have been made; however, until a standard evaluation
process is developed, the scores will fluctuate and failures will
continue.  I propose that the US, no, the UN (not to be taken
seriously), develop minimum security guidance that all the world
must meet and report on annually to them and the world to see.  I
guarantee you the major businesses would not even come close to the
scores given our government.  We are critical infrastructures and we
still leave open holes, and say "need" instead of "must" way too often.
My 50 cents' worth.



Forwarded from: matthew patton <pattonme () yahoo com>

Federal security could improve if the secretary should decide to make
additional NIST guidance and standards mandatory, but such a decision
could also have drawbacks, said Sallie McDonald, assistant
commissioner for information assurance and critical infrastructure
protection at the General Services Administration. "But you don't get
people's cooperation for the right reasons," and involuntary
compliance could lead to agencies just checking off another
requirement box instead of using the guidelines to improve their
security management, she said.

Sure enough. But considering how bad most federal systems are, isn't
mandatory compliance with a reasonable set of standards better than the
tenuous notion that people should improve their security
management based on said guidelines? If the IGs of the world were
consistently giving agencies B- or better grades I would have no
argument. But as I recall, practically everybody is in the D- or F
category. It's time IMO to start breaking fingers and bashing heads.
Agencies who have national security impacting systems and who know
better are playing fast and careless with security. We ought to be
sacking a lot of people, gov't and contractor alike.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

