[ISN] EPA improves security compliance
InfoSec News
isn at c4i.org
Tue Apr 6 10:48:21 EDT 2004
http://www.fcw.com/fcw/articles/2004/0405/web-fisma-04-05-04.asp
By Sarita Chourey
April 5, 2004
Environmental Protection Agency officials dramatically improved their
ability to follow information security regulations by spending half a
million dollars on a compliance system.
Several companies and government agencies have contacted the EPA to
learn about its increased compliance with the Federal Information
Security Management Act of 2002, said Mark Day, the EPA's deputy chief
information officer. Since buying software from BindView Corp. more
than a year ago, the agency's FISMA technical compliance has risen
from 35 percent to 95 percent, attracting interest inside and outside
of the federal government., Day said.
In an Office of Management and Budget report, "Budget of the United
States 2005; Analytical Perspectives," officials stated that the EPA
"excelled at protecting their information security assets."
BindView's product, BindView Report Packs, is designed to help
information technology administrators target and eliminate security
vulnerabilities in information systems. The software cost the agency
about $500,000, Day said.
As with many new IT strategies, particularly ones that involve
intensified oversight, initial hesitancy among agency staff members
gave way to broad-based approval, Day said.
"There were a couple brave souls who took this on and proved that it
could be done," he said. "Then later, when someone said, 'It's too
hard. It can't be done,' the answer was easy: 'Everyone else is doing
it.' "
The BindView system gave managers the tools to give instructions and
check compliance, which helped the EPA chart and publish its
compliance.
"It's amazing how these charts went from being something very disliked
in the first couple months to now most of the IT professionals saying
to their boss, 'Here's independent proof that I am doing my job.' "
Officials ensured that the EPA's compliance reports were widely
published, lending to system-critical transparency and credibility,
Day said. And managers didn't have to be technical experts to address
their IT problems. "The typical problem a manager gets is a report
saying a password isn't set up. What can they do? They don't know how
to fix that. Well, now they say get me green."
EPA isn't endorsing BindView's product, Day sa
More information about the ISN
mailing list