By Matthew Weigelt
Nov. 8, 2006
SAN DIEGO - Complying with Office of Management and Budget directives to
secure agencies sensitive information through encryption and
multilayered access authentication will be expensive, but agencies
should look for creative ways to lower the costs, according Justice
A June OMB memo directed agencies to encrypt all data on remote devices,
require people to use two identification methods to log onto secure
networks by remote access and use time limits to prevent sessions from
staying open and vulnerable indefinitely.
Dennis Heretick, chief information security officer at the Justice
Department, and Mischel Kwon, director of wireless information security
in Justices Justice Management Division, agreed that the toughest
requirement is logging all computer-readable data taken from databases
holding the sensitive information. Technology to do that, such as the
Enterprise Data Rights Management, is new and needs more testing.
The two officials, who spoke Nov. 7 at Federal Computer Weeks Government
CIO Summit in San Diego, said agencies will spend a lot of money to meet
Kwon offered suggestions, saying agencies should consider who has remote
access. They should question whether all employees need laptop computers
or whether certain employees need to work from home. Answering those
questions can cut costs by eliminating the need to secure unnecessary
remote access points, she said.
Security is always more than encryption, Kwon said.
Visit the InfoSec News store!