FISMA’s a fizzer, says Cisco, and calls on Congress to get cyber security policy right – pronto • The Register


A senior Chief Information Security Officer (CISO) advisor at Cisco has penned a commentary on the state of US cybersecurity frameworks, criticizing current government infosec and advocating for more autonomy for CISOs and a better understanding of the task at hand from those creating policies.

“After nearly two decades of federal cybersecurity and risk management as practiced under the rubric of the Federal Information Security Management Act (FISMA) of 2002 and the Federal Information Security Modernization Act (also FISMA) of 2014, billions of dollars in appropriated federal cybersecurity funding have not appreciably improved the overall situation,” wrote Bruce Brody.

Brody referenced the Senate Homeland Security and Governmental Affairs (HSGAC) report “Federal Cybersecurity: America’s Data Still at Risk”, released on August 3. The report grades overall federal agency information security at a C-.

The report is damning. The eight federal agencies reviewed all showed significant cybersecurity weaknesses, and the report concluded there is no single point of accountability nor unified strategy. Among…
