What do government security pros think?
Posted on 07 February 2014.
Tripwire and the Government Technology Research Alliance (GTRA) announced the results of a U.S. government cybersecurity survey that evaluated the attitudes and responses of 111 security and compliance professionals from U.S. government agencies and contractors.

“Cybersecurity continues to be one of the top priorities of senior executives in the federal government,” said Ron Ross, fellow at National Institute of Standards and Technology (NIST). “Studies, such as this one, bring together important data points that help decision makers assess trends and take part in an ongoing dialog that will help us craft effective solutions to our difficult and challenging cybersecurity problems.”

Key findings include:
  • 60 percent believe the new NIST framework will improve security.
  • 55 percent believe government IT security has improved due to the administration’s policies.
  • 46 percent say they have seen reductions in risk due to continuous monitoring efforts.
  • 43 percent of IT security and compliance employees consider poor governance and the dysfunctional Congress “the biggest security threat we face.”
  • 45 percent of respondents believe funding is the greatest challenge their agency faces in successfully implementing cybersecurity programs; only 37 percent believe they have adequate resources to properly implement policy; and when asked what federal security leaders should do to connect security to the agency mission, the second-most popular response was “more funding.”
Notes Dwayne Melancon, chief technology officer for Tripwire: “It is encouraging that government security and compliance professionals are seeing benefits from continuous monitoring and that they are optimistic about future improvements through the new NIST framework However, the survey results highlight the fact that resource constraints are a significant inhibitor to stronger security.”

Melancon continued: “Unfortunately, it seems that agencies still fear the auditor more than the adversary. Their biggest concern is becoming compliant, and while compliance can help improve security, it is not the most significant threat to achieving the mission for most organizations.”





Spotlight

Emerging cloud threats and how to address them

Posted on 15 September 2014.  |  Public and community clouds can be appealing targets for hackers looking to disrupt or steal information from scores of organizations with one successful strike. Here are some emerging security threats and issues cloud providers and their clients should be aware of.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Sep 16th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //