By William Jackson
March 29, 2010
A funny thing happened with the Federal Information Security Management
Act of 2002. Critics complain that the law has created a "culture of
compliance" in which administrators focus on paperwork rather than
results. But in spite of this culture, agencies have not achieved real
"An underlying cause for information security weaknesses identified at
federal agencies is that [the agencies] have not yet fully or
effectively implemented key elements of an agencywide information
security program, as required by FISMA," the Government Accountability
Office's Gregory Wilshusen recently told a House subcommittee.
After seven years of progress and congressional report cards, 21 of 24
major agencies reported significant weaknesses in information system
controls in 2009, Wilshusen said.
If we can't achieve compliance with a culture of compliance, where did
we go wrong?