Conducted by Intelligent Decisions, a Washington, D.C.-based systems integrator, the survey of 29 federal CISOs ranked increased software quality assurance as the top area that the private sector needs to focus on.
The study also showed that federal CISOs are spending 23 percent more time on compliance with FISMA (Federal Information Security Management Act), spending an average of 3.75 hours per day on compliance compared to 3.06 hours per day than last year. The survey is the second by Intelligent Decisions, which released the first one last fall. The study involved CISOs from civilian and defense agencies of all sizes.
"This result is somewhat expected because compliance reporting is the main reason for the CISO position, but last year we expected to see an increase in automation and a decrease in the time required by the CISO to perform these duties," said Roy Stephan, director of cybersecurity at Intelligent Decisions. "Instead, we have seen an increase in the importance of these tasks and an increase in the amount of time that CISOs across the board spend on these types of tasks."
Looking ahead, federal CISOs said they believe increased use of wireless networks and mobile devices will be the top trend in the next year.Yet 54 percent of agencies with wireless networks reported not implemented the four basic security controls recommended by the National Institute of Standards and Technology (NIST).The top three products the CISOs consider most important to their agencies include network security/firewalls, disaster recovery/continuity of operations planning, and authentication/PKI/encryption devices.