
IT security plans getting personal

OMB order accelerates efforts to protect remote access and personal information

By Mary Mosquera, GCN Staff

Agencies haven’t been ignoring security in recent years, but while they focused on protecting the highest-risk areas, many left personal data in peril.

Federal officials said agencies did not pay enough attention to such important controls as encrypting data on mobile devices and logging all computer-readable data extracts from databases holding personal information.

And this lack of control over personal data was a major contributor to the rash of data losses and breaches over the last three months, federal experts said.

“There are so many things to be done. We’ve been attacking chunks of them. We have our hands full,” said Vance Hitch, Justice Department CIO and chairman of the federal CIO Council’s executive committee on cybersecurity and privacy.

The recent spike in reported data breaches prompted the Office of Management and Budget in June to require that agencies enforce existing data security provisions and put new ones in place. The deadline was last week.

OMB guidance acts as an accelerant for agencies to get their data security in place, said newly minted Education CIO Bill Vajda.

The breaches also spotlight two areas of IT security where agencies can be especially vulnerable: remote access and personally identifiable information, Hitch said.

“For comparison purposes, maybe we’ve addressed what we considered the high-risk items. Now this will make us focus more on those two things as higher risk than what we thought before,” he said.

Agencies must install controls and other IT security safeguards under the Federal Information Security Management Act and guidelines recommended by the National Institute of Standards and Technology, including Federal Information Processing Standard 200 and Special Publication 800-53, he said.

OMB added safeguards in the June memo: Agencies must encrypt data on mobile devices, use two-factor authentication for remote access, require re-authentication after 30 minutes of inactivity and log all computer-readable data extracts from databases holding personal information. OMB gave agencies until Aug. 7 to have these controls in place.
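Two of those four controls can be enforced directly in application code: the 30-minute inactivity rule and the logging of every computer-readable extract from a store of personal data. The following is an added illustration written for this page, not code from OMB, NIST or any agency; the session and audit-record layout, the field names and the sample rows are assumptions made here. The idle clock is measured from the last real request on the server's clock, not from login time, and every extract is logged with a content digest so that a file found later can be matched to the extract that produced it without the log itself holding the personal data.

```python
"""Added example: enforcing a 30-minute inactivity re-authentication rule and
logging every extract from a personal-data store.  Illustrative only; the
record layout and names are this example's own, not an OMB or NIST format."""
from __future__ import annotations

import hashlib
import json
from dataclasses import dataclass, field

INACTIVITY_LIMIT_SECONDS = 30 * 60  # the 30 minutes of inactivity in the OMB memo


@dataclass
class RemoteSession:
    user: str
    last_activity: float          # server-side epoch seconds of the last real request
    second_factor_verified: bool  # remote access requires two-factor authentication

    def touch(self, now: float) -> None:
        """Restart the idle clock. Only real requests should call this, never
        client keep-alives, or the inactivity limit becomes meaningless."""
        self.last_activity = now


def needs_reauthentication(session: RemoteSession, now: float) -> bool:
    """True once the session has been idle for 30 minutes or more.

    `now` comes from the server clock, so a client cannot stretch its own
    session by supplying a timestamp; only touch() restarts the clock."""
    return now - session.last_activity >= INACTIVITY_LIMIT_SECONDS


@dataclass
class ExtractAuditLog:
    """Append-only record of every computer-readable extract of personal data."""
    records: list[dict] = field(default_factory=list)

    def record(self, session: RemoteSession, source: str, query: str,
               rows: list[dict], now: float) -> dict:
        payload = json.dumps(rows, sort_keys=True).encode()
        entry = {
            "time": now,
            "user": session.user,
            "source": source,
            "query": query,
            "row_count": len(rows),
            # Digest of the extracted content (assumed design choice): lets a
            # spreadsheet found on a lost laptop be tied back to this extract
            # without the audit log storing the personal data itself.
            "sha256": hashlib.sha256(payload).hexdigest(),
        }
        self.records.append(entry)
        return entry


def extract_personal_data(session: RemoteSession, now: float, source: str,
                          query: str, rows: list[dict],
                          log: ExtractAuditLog) -> list[dict]:
    """Gate an extract on the session controls, then log it before release."""
    if not session.second_factor_verified:
        raise PermissionError("remote access requires two-factor authentication")
    if needs_reauthentication(session, now):
        raise PermissionError("session idle for 30 minutes; re-authenticate")
    log.record(session, source, query, rows, now)  # log first, release second
    session.touch(now)
    return rows


# Constructed sample rows standing in for a query result over a PII table.
SAMPLE_ROWS = [
    {"id": 1, "name": "A. Example", "ssn_last4": "1234"},
    {"id": 2, "name": "B. Example", "ssn_last4": "5678"},
]


def demo() -> dict:
    """Run one permitted extract and one rejected (idle) extract; return the log entry."""
    log = ExtractAuditLog()
    t0 = 1_000_000.0
    session = RemoteSession("analyst", last_activity=t0, second_factor_verified=True)
    extract_personal_data(session, t0 + 60, "hr_db.employees",
                          "SELECT id, name, ssn_last4 FROM employees", SAMPLE_ROWS, log)
    try:  # 31 minutes after the first extract the session must re-authenticate
        extract_personal_data(session, t0 + 60 + 31 * 60, "hr_db.employees",
                              "SELECT id, name, ssn_last4 FROM employees", SAMPLE_ROWS, log)
    except PermissionError:
        pass
    return log.records[0]


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Note that the check happens on every data-releasing request, not only at login, and that the audit entry is written before the rows leave the function, so a crash or disconnect after logging leaves a record rather than an unlogged extract.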

Agencies are expected to review their information systems and ensure that they are properly protecting sensitive data, an OMB spokeswoman said.
