HUD's CIO Understands Importance of Data

Sue Marquette Poremba

Among the many issues on President Obama's agenda is improving cyber security. He named a cyber security czar, for example. In response, Congress has also introduced bills that call for improved notification of data breaches, the creation of an executive office focused on cyber security policy and communications, and joint effort between the government and private sector to establish better security efforts.

 

Slide Show

Security Tops Concerns for Midmarket CIOs

Key findings of a Forrester Research survey.

Speaking to the improved private sector security, Jimmy E. Sorrells, senior vice president at Integrity Global Security, would like to see the bill include a rating standard for software and other computer-related products. He told me:

There are a lot of folks who think that private enterprises who make computers and software aren't going to invest the money to do what it takes to make their products secure until there are regulations in place.

Right now there is a directive in place-not a law-through the Office of Management and Budget that states that anyone selling IT products to the government has to have a security rating. The problem, Sorrells said, is the lack of meaning behind the rating.

You have to have a rating, but rated to what? There's no minimum standards. It can be a rating of zero and has little security protections, but it is still rated.

Hence, Sorrells' wish for the cyber security legislation is language in the bill that would set a minimum rating standards for computer products. True, this would be a rating system that would only focus on the government at first, but it would have to trickle down to government contractors, and maybe, eventually, to the private sector.

 

The benefit of having a minimum security rating? Sorrells said it would allow CIOs and CISOs to focus their attention on bigger security issues because security standards would require built-in security measures on every piece of computer equipment.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date