Archive for the ‘Federal’ tag
You Don’t Build A Fence This Way
The Following text is taken from a GAO report on the SBInet (DHS Needs to Address Significant Risks in Delivering Key Technology Investment) that was published yesterday and caught my attention. The title says it all: risk, technology and investment – everything one needs in order to have a good reading). But then, as I go over the text I was very disappointed to learn that the DHS was not learning from the Israeli mistakes when the security fence was built. Judge for yourself. Read the executive summary below:
SBInet, DHS Secure Border system
Just replace some of the names and you feel like your in the Middle East, where projects are known to be delayed, technology is always ahead of what was originally planned and the overall cost is several times higher then originally planned….
Federal Regulations Mandates Protection Of Private Sector Data
Here’s some very interesting reading material. I must admit that I was not aware of all the Federal policies to govern and protect IT systems and data in private sector companies. Below you can read the summary of the United States Government Accountability Office GAO-08-1075R.
More important, this document lists some of the penalties and enforcement options that the Feds can use.
Summary of Federal Requirements for Securing Privately Owned IT Systems and Data
Federal policy identifies 18 infrastructure sectors–such as banking and finance, energy, public health and healthcare, and telecommunications–that are critical to the nation’s security, economy, public health, and safety. Because these sectors rely extensively on computerized information systems and electronic data, it is crucial that the security of these systems and data is maintained. Further, because most of these infrastructures are owned by the private sector, it is imperative that public and private entities work together to protect these assets. The federal government uses both voluntary partnerships with private industry and requirements in federal laws, regulations, and mandatory standards to assist in the security of privately owned information technology (IT) systems and data within critical infrastructure sectors. As agreed, our objectives were to (1) identify, for each critical infrastructure sector, the federal laws, regulations, and mandatory standards that pertain to securing that sector’s privately owned IT systems and data and (2) identify enforcement mechanisms for each of the above laws, regulations, and mandatory standards.
Read the rest of this entry »