Letters to the Editor

Arguing the business case

The path to every federal employee having a truly personal computer would be a business case. ["A vision for e-government," Federal Computer Week, April 10] This would be a more aggressive approach and would yield a more analytical outcome.

A business case would identify the priority order in which personal computers would be acquired. It would cut across programs and agencies and result in computer investments with the greatest returns to a deserving public. Probably, it would increase the likelihood of the e-government vision becoming a reality.

Without a business case, the more compelling "e-worker" benefits to the public could be lost.

Marv Gordon

President

Business Systems Management Inc.

Plugging the security holes

I read with interest the article on security ["Scanning for security Holes," Federal Computer Week Securing Electronic Government Supplement, April 10], and in particular the "Calling in hired guns" sidebar.

As you rightly point out, the shortfall in security expertise has indeed opened the door, not just for large commercial organizations that provide security services as a part of their larger IT services product line, but also for smaller companies like mine that specialize solely in security services.

My company, Mainstay Enterprises Inc., is a small woman-owned business specializing in information, physical and personnel security services and is one of the "guns" currently helping the Federal Aviation Administration meet Presidential Decision Directive-63 requirements. In particular, we are assisting in Security Risk Assessment/Risk Remediation Planning for critical information systems within the Office of Certification & Regulation (AVR) and the Office of the Assistant Administrator for Financial Services (ABA). We are also spearheading the development of a standardized, automated methodology for Security Risk Assessment utilizing a "toolbox" of commercial off-the-shelf products for the Information Systems Security Program Office of Air Traffic Service.

We believe that although the use of outside contractors (hired guns) to help plug the security gap makes short-term sense, agencies such as the FAA must also take action to increase their own internal capabilities. In fact, FAA is moving aggressively to do so, both through the training of existing staff and in selective hiring of security personnel.

To assist in this, Mainstay has developed and is implementing a process that rapidly and cost-effectively identifies potential risks to a system's assets and assesses high-level security countermeasures required to reduce those risks to an acceptable level. Key to this process is a series of security workshops in which FAA System Owners become partners in the risk assessment process for their systems, and hence build a greater sense of security awareness and "buy-in' among themselves and their staff as the work progresses. In this way, both goals are achieved.

Barry Bendel

Vice president for operations

Mainstay Enterprises Inc.

Featured

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.