|
home
Up
& Down At The Same Time
GAO
findings and
research from AFFIRM and 1105 Government Information Group demonstrate
that IT security continues to be a moving target.
Government agrees.
Security remains the top technology priority for government executive,
program and IT managers according to recent research on
“Government IT Buying” published by the 1105
Government
Information Group.
At the same time, according to the 12th annual Federal Chief
Information Officer “Top Ten Challenges Survey”
produced by
AFFIRM (Association for Federal Information Resources Management),
“Security infrastructure” retains its #1 Critical
Technology/Solutions ranking in 2007. It has been ranked #1 every year
since 2000. As stated in the research report, “now we know
security is an unending hallenge and we, know clearly and
unequivocally, ‘Security infrastructure’ is
considered the
most critical technology over the life of the survey.”
GAO
Concerns
In spite of being the #1 priority, GAO chided agencies for not doing
enough in a July 2007 report.
“Significant weaknesses in information security policies and
practices threaten the confidentiality, integrity, and availability of
critical information and information systems used to support the
operations, assets, and personnel of most federal agencies.”
“Almost all of the major federal agencies had weaknesses in
one or more areas of information security controls…
most agencies did not implement controls to sufficiently prevent,
limit, or detect access to computer resources….did not always manage the configuration of network devices to prevent unauthorized
access and ensure system integrity.”
“An underlying cause for these weaknesses is that agencies
have
not fully implemented their information security programs. As a result,
agencies may not have assurance that controls are in place and
operating as intended to protect their information resources, thereby
leaving them vulnerable to attack or compromise.”
Opposing
Views
According to AFFIRM, federal responders have declining confidence in
the “improvement of the security of their IT
infrastructure”. For the 4th year in a row respondent
confidence
has steadily declined. Starting with 74% confidence in 2003, confidence
has fallen to 72% in 2004 to 68% in 2005, to 54% in 2006, to now 49%
confidence in 2007. Moreover, those thinking their IT infrastructure
was “More Vulnerable” has steadily risen from 2% in
2003 to
now 24% in 2007.
But 73% believe the security is the same or better (49% better and 24%
same) than the prior year. Reconciling these two opposing
views
is open to interpretation. According to AFFIRM, “one way
would be
to see the decrease in confidence about improvement as resulting from:
1) a general improvement in security awareness across the community;
and, 2) increasing sophistication of the attacks and thus concern about
“improvement.”
Government
IT Priorities
Below are the ranking of technology
priorities based on respondents’ rating of their
agency’s
top priorities. Security is not only on top, but is an integral part of
every other priority.
• Increase security
• Increase operational efficiency/productivity
• Data management
• Improve infrastructure
• Information sharing
• Continuity of operations (COOP)
• Homeland Security initiatives
• Identity management
• Enterprise architecture
• Interoperable communications
• Increase collaboration with other agencies
• IT consolidation
• Mobility and wireless
• Develop e-government applications
• Network-centric warfare
Source: 2007 Government IT
Buying Study, 1105 Information Group
|
|
|
|
|
|
|
