
Improved FISMA scores don't add up to better security, auditor says








http://fcw.com/articles/2009/06/29/fcw-fisma-metric-change.aspx 

By Ben Bain
FCW.com
June 29, 2009

The government’s current choice of metrics is partly to blame for the
fact that agencies are reporting improved compliance with security 
requirements even while government investigators continue to find 
security gaps, auditors say.

Part of the problem is that although the Office of Management and Budget 
requires agencies to establish information technology security controls, 
the metrics generally do not measure how well those controls are 
implemented, according to the Government Accountability Office.

“Developing and using metrics that measure how well agencies implement
important controls can contribute to increased focus on the effective
implementation of federal information security,” said Gregory Wilshusen,
director of information security issues at GAO, testifying June 25
before the House Science and Technology Committee’s Technology and
Innovation Subcommittee.

Wilshusen said the current metrics probably served a useful purpose when 
they were developed because, at that time, many agencies weren’t
performing basic security controls. However, he said, it’s time to
examine how agencies implement the controls and consider other types of 
metrics.

[...]

