Letters to the Editor
Arguing the business case
The path to every federal employee having a truly personal computer would
be a business case. ["A vision for e-government," Federal Computer Week,
April 10] This would be a more aggressive approach and would yield a more
A business case would identify the priority order in which personal
computers would be acquired. It would cut across programs and agencies and
result in computer investments with the greatest returns to a deserving
public. Probably, it would increase the likelihood of the e-government vision
becoming a reality.
Without a business case, the more compelling "e-worker" benefits to
the public could be lost.
Business Systems Management Inc.
Plugging the security holes
I read with interest the article on security ["Scanning for security Holes,"
Federal Computer Week Securing Electronic Government Supplement, April 10],
and in particular the "Calling in hired guns" sidebar.
As you rightly point out, the shortfall in security expertise has indeed
opened the door, not just for large commercial organizations that provide
security services as a part of their larger IT services product line, but
also for smaller companies like mine that specialize solely in security
My company, Mainstay Enterprises Inc., is a small woman-owned business
specializing in information, physical and personnel security services and
is one of the "guns" currently helping the Federal Aviation Administration
meet Presidential Decision Directive-63 requirements. In particular, we
are assisting in Security Risk Assessment/Risk Remediation Planning for
critical information systems within the Office of Certification & Regulation
(AVR) and the Office of the Assistant Administrator for Financial Services
(ABA). We are also spearheading the development of a standardized, automated
methodology for Security Risk Assessment utilizing a "toolbox" of commercial
off-the-shelf products for the Information Systems Security Program Office
of Air Traffic Service.
We believe that although the use of outside contractors
(hired guns) to help plug the security gap makes short-term sense, agencies
such as the FAA must also take action to increase their own internal capabilities.
In fact, FAA is moving aggressively to do so, both through the training
of existing staff and in selective hiring of security personnel.
To assist in this, Mainstay has developed and is implementing a process
that rapidly and cost-effectively identifies potential risks to a system's
assets and assesses high-level security countermeasures required to reduce
those risks to an acceptable level. Key to this process is a series of security
workshops in which FAA System Owners become partners in the risk assessment
process for their systems, and hence build a greater sense of security awareness
and "buy-in' among themselves and their staff as the work progresses. In
this way, both goals are achieved.
Vice president for operations
Mainstay Enterprises Inc.