Gartner slams government security guidelines

Powered by SC Magazine
 

Nothing but a PR stunt, claims analyst.

Analyst firm Gartner has dismissed a tightening of security rules for US government agencies as a mere "public relations response" to recent high-profile incidents.

During a burglary in May, thieves stole a laptop containing confidential information on 26.5 million veterans and military personal from the home of an employee for the Veterans Authority.

The laptop was recovered in June and it is claimed that the data was not accessed.

Also in May, a recruiter for the Internal Revenue Service lost a laptop with information on 291 of the service's workers and job applicants. In both cases the data was not encrypted.

The US Office of Management and Budget issued a memorandum last week requiring federal government agencies to report "all security incidents" to the US Computer Emergency Readiness Team within one hour of discovery.

Agencies were previously required to report only unauthorised access to data within one hour. The rules allowed for up to a week to report "improper usage incidents" such as storing unencrypted data laptops or home computers.

But Gartner concluded that the new measures will only prevent embarrassing media reports surfacing before the authorities have been informed.

"Gartner believes that 'improper usage' is not defined clearly enough as it relates to personal information, and that either the Office of Management and Budget or National Institute of Standards and Technology should issue more specific guidance in this area," said Gartner analysts John Pescator and Jay Heiser.

"Increased and faster reporting will lead to little more than accurate and timely statistics unless incident response processes in government are drastically improved."

Copyright ©v3.co.uk


Gartner slams government security guidelines
 
 
 
Top Stories
At the top of her game
A decision to bring digital operations back in-house three years ago has paid big dividends for Tabcorp.
 
Westpac hires SAP man as CTO
Creates four new IT lead positions.
 
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  8%
 
Your telco, ISP or utility
  7%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  21%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 984

Vote