Lessons learned

State and federal security officers who regularly use online resources say volumes of security information can be both a blessing and a curse.

Free information, such as what's available from the National Institute of Standards and Technology and similar Web sites, isn't tailored for individual agencies, but it can provide an important starting point when addressing a new security concern, said Matthew Baum, computer security officer and acting director of information assurance at the Education Department in Washington, D.C.

A cultural change promoting greater information sharing among security officials is gaining steam, he added. "Security folks are starting to realize they're not working in a vacuum," he said. "If someone else has gone through some heartache, maybe you don't have to."

Nevertheless, cyberofficials must be selective. Don't blindly implement security procedures no matter how successful they may have been for another agency,

said Daniel Wood, chief of

information technology security for the National Labor

Relations Board in Washington, D.C.

"You can get inundated with information that is not applicable to your organization," he said. "It's important to employ controls appropriate for your agency, while

still remaining within guidelines of the federal infrastructure. Information on how a larger agency hardens up its [Microsoft Corp. Windows] 2000 environment helps us to determine what may be appropriate and applicable for our environment."

About the Author

Alan Joch is a freelance writer based in New Hampshire.

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.