Gartner slams government security guidelines

Powered by SC Magazine
 

Nothing but a PR stunt, claims analyst.

Analyst firm Gartner has dismissed a tightening of security rules for US government agencies as a mere "public relations response" to recent high-profile incidents.

During a burglary in May, thieves stole a laptop containing confidential information on 26.5 million veterans and military personal from the home of an employee for the Veterans Authority.

The laptop was recovered in June and it is claimed that the data was not accessed.

Also in May, a recruiter for the Internal Revenue Service lost a laptop with information on 291 of the service's workers and job applicants. In both cases the data was not encrypted.

The US Office of Management and Budget issued a memorandum last week requiring federal government agencies to report "all security incidents" to the US Computer Emergency Readiness Team within one hour of discovery.

Agencies were previously required to report only unauthorised access to data within one hour. The rules allowed for up to a week to report "improper usage incidents" such as storing unencrypted data laptops or home computers.

But Gartner concluded that the new measures will only prevent embarrassing media reports surfacing before the authorities have been informed.

"Gartner believes that 'improper usage' is not defined clearly enough as it relates to personal information, and that either the Office of Management and Budget or National Institute of Standards and Technology should issue more specific guidance in this area," said Gartner analysts John Pescator and Jay Heiser.

"Increased and faster reporting will lead to little more than accurate and timely statistics unless incident response processes in government are drastically improved."

Copyright ©v3.co.uk


Gartner slams government security guidelines
 
 
 
Top Stories
Microsoft confirms Australian Azure launch
Available from next week.
 
NBN Co names first 140 FTTN sites
National trial extended.
 
Cloud, big data propel bank CISOs into the boardroom
And this time, they are welcome.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  27%
TOTAL VOTES: 260

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  62%
 
No
  38%
TOTAL VOTES: 82

Vote