What is your e-mail address?
My e-mail address is:

Do you have a password?
Forgot your password? Click here
close


    What the Experts Say About Cybersecurity

    Cybersecurity Top Ten Insights

    Survey Respondents Have Their Say 

    By Barbara DePompa

    When, in the course of conducting online surveys, respondents choose to expand by voicing their opinion on a topic, those efforts can often be worthy of publication. This 2009 Cybersecurity survey is no different. Here are some of the more interesting comments from respondents:

    T.M.I.
    There’s simply too much information (TMI) already on unclassified systems.  One respondent expressed grave concern about the overload of information available online. “We can start to correct this situation by using strong encryption devices and requiring all government-to-government transmission be encrypted.”

    While there was no detail provided on precisely how to accomplish this information lock-down, the impact on network performance that would occur if ALL information were encrypted would likely bring government operations to a standstill.

    Training, Not Tools
    One respondent stressed the need for greater education as well as the need to better leverage what’s already in use, in terms of security technologies today. “Through my 15+ years as a federal employee and a contractor I often see organizations spending money on new tools, rather than doing the hard work involved in reviewing accounts, configuring devices and monitoring existing security
    services.  Without taking the time to get the hard work done, there can be no meaningful security improvement,” he explained.

    In a similar vein, one respondent stressed the need for more training. In this executive’s opinion, the biggest threats are, “inadequate user training and poor oversight of executive management.”

    With a myriad of changes in operating systems, hardware capabilities, software connectivity and security technologies, “most government users have been left behind,” this
    executive continued.

    This respondent explained it can be difficult for a trained communications professional to keep up with all of the changes happening, which is why “we can’t expect non-IT personnel to maintain a credible working knowledge of the security tools and techniques that could help. IT and security training for all government, contractor and civilian personnel who touch government networks should be mandatory at least bi-annually.”

    This respondent also noted that what’s good for the worker bees is good for the queen. “There should not be any ‘allowances’ [a lowering of security measures] made for personnel based on their rank in the organization. While they may not be specifically targeted, generally speaking [high-ranking officials] have the greatest access to the most sensitive information and present the greatest risk, if the security measures taken are below par.”