Letter to the editor
Following is a response to an FCW.com poll question that asked, "Do you think federal IT workers should be required to earn a systems security certification?"
I believe that systems should already be certified before being put into service. It would be more cost-efficient and save training dollars. However, information technology personnel should have training to make sure systems are compliant and are put into operation so that security requirements are met.
Systems should never be put online unless they are proven to have security to protect the systems from hackers. We should never sacrifice security over convenience. A lot of times we want an easy way of accomplishing our tasks rather than being secure. Any time we open ourselves up to vulnerabilities and accepted risk, we can do more harm than good.
Technology is great but we have to make sure that we are putting systems into place that are proven and approved at the highest levels, namely by the National Security Agency, etc.
A lot of times people out in the field do not have the time or expertise to accomplish the requirements needed for systems. Assurance should begin at the very start and meet strict compliance before a system is put out to the community.
Name withheld by request