U.S. Federal CIOs More Concerned About Information Security and Privacy Than In the Past

Monday (2/26) the ITAA issued a press release reporting the resuults of a survey of 47 government CIOs.
They found that:

* CIOs have “made progress in certifying their IT systems, training IT workers and other employees about cybersecurity, and setting up IT security policies during 2006”
* CIOs are”making progress integrating security into their information architecture, instead of “bolting on” security afterward”
* CIOs have “made progress implementing information privacy programs, although in many cases, the progress was simply getting a privacy program off the ground”
* CIOs “don’t have authority over personal inventory rules covering devices such as laptops, even though the high-profile breaches last year involved laptops, hard drives or other similar devices. “There’s a wide range of devices that are not even under the CIOs’ control,””
It is good the issues of information security and privacy have bubbled up in priority, at least with CIOs within the U.S. federal government. However, there apparently is still much they need to do.
It was surprising to me that they indicated they had no authority over personal inventory rules. If the CIOs don’t, then who does? Someone needs to be accountable. A huge percentage of the government breaches occur through such devices.

Tags: , , , , , ,

Leave a Reply