Comments on Infosec Potpourri: Tired of all the talk

The government does care, it's that how do you man...

2007-07-04T11:22:00.000-04:00

The government does care, it's that how do you manage a $68Billion IT budget and include security? It's hard to do, and all the naysayers for the most part have never tried to do it. There isn't any security management model that we have today that scales to that size.

I teach FISMA and C&A to contractors, vendors, and government employees and security in the government is a lot harder than you would think.

Anyway, I talk about this stuff all the time on my blog. Check it out: http://www.guerilla-ciso.com/. For the really juicy stuff, hit the FISMA topic.

I disagree, in that I do think the government care...

2007-07-04T00:16:00.000-04:00

I disagree, in that I do think the government cares about cybersecurity. It's just that they don't seem to know how to do it, or even what security actually means.

Don't get me wrong: I recognize that there are significant challenges to be overcome here. Even at the level of individual Departments, the organizations are huge, and meaningful change is slow and painful. But even if the Departments want to change, it's pretty clear that they don't know how.

It comes down to the fact that cybersecurity is usually confused with compliance, reporting and other paperwork. All important pieces, to be sure, but they're fundamentally crippled without adequate people and resources.

Persanally I do not think the Federal Government r...

2007-07-03T15:02:00.000-04:00

Persanally I do not think the Federal Government really cares about cybersecurity. You talk about the different agencies but each agency is broken up into dozens of separate fiefdoms. Each of these duplicate efforts which costs even more money taxpayer money.