Lessons learned

State and federal security officers who regularly use online resources say volumes of security information can be both a blessing and a curse.

Free information, such as what's available from the National Institute of Standards and Technology and similar Web sites, isn't tailored for individual agencies, but it can provide an important starting point when addressing a new security concern, said Matthew Baum, computer security officer and acting director of information assurance at the Education Department in Washington, D.C.

A cultural change promoting greater information sharing among security officials is gaining steam, he added. "Security folks are starting to realize they're not working in a vacuum," he said. "If someone else has gone through some heartache, maybe you don't have to."

Nevertheless, cyberofficials must be selective. Don't blindly implement security procedures no matter how successful they may have been for another agency,

said Daniel Wood, chief of

information technology security for the National Labor

Relations Board in Washington, D.C.

"You can get inundated with information that is not applicable to your organization," he said. "It's important to employ controls appropriate for your agency, while

still remaining within guidelines of the federal infrastructure. Information on how a larger agency hardens up its [Microsoft Corp. Windows] 2000 environment helps us to determine what may be appropriate and applicable for our environment."

About the Author

Alan Joch is a freelance writer based in New Hampshire.

Featured

  • Workforce
    White House rainbow light shutterstock ID : 1130423963 By zhephotography

    White House rolls out DEIA strategy

    On Tuesday, the Biden administration issued agencies a roadmap to guide their efforts to develop strategic plans for diversity, equity, inclusion and accessibility (DEIA), as required under a as required under a June executive order.

  • Defense
    software (whiteMocca/Shutterstock.com)

    Why DOD is so bad at buying software

    The Defense Department wants to acquire emerging technology faster and more efficiently. But will its latest attempts to streamline its processes be enough?

Stay Connected