Letter to the editor
This is in response to an FCW.com survey question that asked "What is the primary obstacle to improving information security at federal agencies?"
Information security is totally fractured in its implementation governmentwide. Each organization head is allowed to just make arbitrary decisions without justifying them.
That is fine if you are a company and only your company suffers; however, when the nation itself can be harmed, then the security should be centrally controlled and personnel working in security should be part of a "security corps" and not a collateral duty to be passed to someone who might have time to file the reports.
Guidelines and policies are only useful if they are followed. It appears they need to be changed to laws to force compliance.
Name withheld by request