Cloud Security, Costs Concern Federal IT Pros

From: Information Week

As White House continues to push cloud computing, federal IT managers still worry about security and costs, Ponemon survey finds.

By J. Nicholas Hoover

Federal IT managers are working to adopt cloud computing technologies and comply with White House cloud computing initiatives, but aren’t yet sold on cloud computing’s cost savings or security, according to a recent survey.

According to the survey by research group the Ponemon Institute, 91% of federal IT workers are either somewhat or very familiar with the Office of Management and Budget’s Cloud First initiative, but 69% believe that the initiative’s requirement to move three services to the cloud over 18 months is too fast. In fact, 71% of respondents said that pressure to move to the cloud creates security risks for their organizations.

ISPAB Meeting Agenda: February 1-3 (Washington, DC)

Attached below is the agenda for the Information Security and Privacy Advisory Board meeting on February 1-3. It is the first of three scheduled ISPAB meetings in 2012.

Senate cybersecurity bill sparking concerns about government control

From: The Hill

By Gautham Nagesh

A comprehensive cybersecurity bill set for a vote in the Senate this week is drawing some late concern from the tech industry that could threaten several years of legislative work.

The bill has not been released publicly, but according to sources familiar with its content it takes a light touch approach to regulating network security at firms deemed part of the nation’s critical infrastructure.

But at least one IT firm is raising flags about the amount of control it gives the Department of Homeland Security (DHS) over federal contractors whose security precautions are found lacking.

Human Element of Info Risk Management

From: GovInfoSecurity

Continuous Monitoring, Education Seen as Critical

By Jeffrey Roman

People, as much as anything else, are a critical aspect of information risk management, and businesses and government agencies must monitor employees – and educate them, as well – to thwart a potential threat from within.

“At State, we implemented a continuous-monitoring program for people,” George Moore, who joined the State Department in 2006 as chief computer scientist, says in a panel discussion moderated by Information Security Media Group’s Eric Chabrow (transcript below). State’s program includes daily security tips that are sent out to employees, who are then quizzed on the information provided.

The SEC and cybersecurity

Editor’s Note: The article below discusses one of the leading edges of federal regulation of private sector cybersecurity.

From: The Deal Magazine

by Stewart Baker, Steptoe & Johnson

Be honest. When you heard the Securities and Exchange Commission had issued guidance about corporate disclosure obligations concerning “cybersecurity risks and cyber incidents,” did you sigh and say to yourself, “Just what I need, another SEC release about Washington’s latest obsession?”

This time, though, that’s the wrong reaction. This time, I predict a significant impact on both corporate disclosures and deal practice. For two reasons, one grounded in the nature of network intrusions and the other grounded in SEC practice.