Friday, September 10, 2010

Hot off the Press: FISMA 2010 - What it Means for IT Security Professionals

Finally, an article I first wrote over ONE year ago, back in August 2009, just got published and is out on the streets in Volume 5 of the highly prestigious ISACA Journal. ISACA is the organization that administers and confers the highly sought CISA, CISM, CGEIT, and CRISC certifications.

Unfortunately, you have to be a subscriber of the ISACA Journal to view the complete article. For those of you who are not currently members of ISACA, here is a teaser as incentive for you to join! :)

FISMA 2010 - What it Means for IT Security Professionals

New threats related to cybersecurity are causing a shift in focus from compliance to risk-based protection, resulting in new requirements for system security and contingency plans, a greater push for continuous monitoring, and a stronger emphasis on configuration management and incident response.

Are you ready?

The US Federal Information Security Management Act (FISMA), originally enacted in 2002 and currently undergoing considerable revision, establishes clear criteria to improve US federal agencies’ cybersecurity programs. But even as federal agencies struggle to implement their existing information security programs, cybersecurity breaches have become increasingly common, with a 200 percent hike in such breaches over the past three years: according to a recently released Government Accountability Office (GAO) report, the number of cybersecurity breach-related incidents reported by US federal agencies has risen from 5,503 in fiscal year 2006 to 16,843 in 2008.

This article looks at how FISMA and its family of key National Institute of Standards and Technology (NIST) Special Publications (SPs) are changing to meet the challenges posed by increasingly elusive hackers who are using better and more sophisticated tools and techniques to attack increasingly lucrative targets. Complacency is definitely not an option. The only option is to stay one step ahead of the game.

Want to read more? It's all in Volume 5 of the ISACA Journal... so join now! :)

1 comment:

  1. Great article! Thanks for sharing your views.