[Dataloss] Data breach report stirs security pot

blitz blitz at strikenet.kicks-ass.net
Tue Oct 31 20:13:41 EST 2006


>http://www.gcn.com/cgi-bin/udt/im.display.printable?client.id=gcn&story.id=42370
>
>
>Data breach report stirs security pot
>
>
>10/23/06
>By Mary Mosquera,
>
>
>Davis pushes security bill, calls for OMB to step up efforts
>
>Now that an unflattering report detailing data loss in 19 major agencies is
>public, House Government Reform chairman Tom Davis (R-Va.) is calling for
>action from the administration and Congress.
>
>The recent committee staff report revealed that some agencies were clueless
>as to what happens to personal data in their care. The vast majority of data
>breaches arose from physical theft of notebook PCs, drives and disks, or
>from unauthorized use of data by employees, the report said.
>
>Davis said that next he will take a closer look at agencies with the most
>widespread breaches.
>
>"I'm also intent on reaching out again to those agencies that reported few
>or no incidents. I'm wondering if they simply lack the means to know if
>sensitive information's been compromised," Davis said.
>
>The Office of Management and Budget needs to act more decisively to help
>agencies secure data, he added.
>
>"OMB should begin by clarifying and strengthening their guidance," Davis
>said. OMB, meanwhile, is contemplating its next move.
>
>"We appreciate the recent input of the House Government Reform Committee and
>the inspectors general. We're reviewing these two reports and will use them
>to inform our thinking on potential next steps," said an OMB spokeswoman.
>
>OMB has provided some guidance to agencies to safeguard personal information
>since the May theft of a notebook PC, containing data belonging to millions
>of veterans, from the home of a Veterans Affairs Department employee.
>
>Davis plans to work with OMB to strengthen agency guidance while also
>pushing through Congress legislation that makes that guidance a requirement
>in addition to other steps.
>
>The House recently passed the Veterans Identity and Credit Security Act of
>2006, which includes legislation that Davis authored. The bill would
>strengthen federal security requirements and provide for notification. Davis
>will offer his legislation as a standalone bill if the Senate does not pass
>the VA security bill when Congress returns next month, he said.
>
>"Whether the legislation is part of the VA bill or separate, I think there's
>consensus that these are steps we need to take, and take now," Davis said.
>Davis worked with Veterans Affairs chairman Steve Buyer (R-Ind.) to craft
>the security bill. Buyer is negotiating with the Senate on the bill, a
>committee spokeswoman said.
>
>As the committee staff report proved and VA found in its own experience, it
>is important that agencies inventory all their IT systems to assess what
>data is at risk and what safeguards must be imposed, Buyer said.
>
>"Agencies need to empower the CIO with authority and responsibility to
>ensure data security compliance," he said.
>
>Following the flood of security breaches this year, Davis and ranking
>Democrat Henry Waxman (D-Calif.) sought summaries from major agencies of
>data breaches in the past three years to provide a governmentwide snapshot
>of data risk.
>
>Federal contractors were responsible for many of the data breaches that
>agencies reported, the report said. Davis wants to reaffirm that the Federal
>Information Security Management Act applies to contractors.
>
>"If necessary, we can amend FISMA to make this even more apparent and
>effective," he said.