Evans: 'People are losing data'

OMB memo on reporting loss of data

Related Links

Between July and Sept. 30, agencies reported 338 separate security incidents involving personally identifiable information to the Office of Management and Budget, Karen Evans, OMB’s administrator for e-government and information technology, said today.

Many of the incidents, however, are not attacks on government information from outsiders, Evans said in a speech at the IT Association of America’s annual Chief Information Security Officer Workshop in Falls Church, Va.

“Primarily, people are losing data,” she said.

The trend affects agencies’ internal processes, such as how information is handled and who can access it. OMB has required agencies to reassess their processes. It wants them to consider what employees and contractors have remote access to information and how the agencies secure it. OMB also wants agencies to continue to review risk associated with their offered services.

In her speech, Evans gave some preliminary statistics on information security. OMB’s analysis shows that the percentage of agencies’ systems that met accreditation and certification standards increased from 85 percent in fiscal 2005 to 88 percent in fiscal 2006. The percentage of agencies’ systems with contingency plans in 2005 was at 61 percent, and in 2006 it was boosted to 78 percent.

Last year, inspectors general gave 17 agencies’ accreditation and certification reports a satisfactory or better rating, and in 2006, 19 agencies received such ratings, Evans said.

OMB will release the final edition of its annual Federal Information Security Management Act report in March.

OMB issued a memo July 12 revising incident reporting rules to state that agencies must report losses of personally identifiable information within an hour of discovery to the Homeland Security Department. Moreover, those reports should not distinguish between suspected and confirmed incidents, according to memo.

Featured

  • FCW Perspectives
    human machine interface

    Your agency isn’t ready for AI

    To truly take advantage, government must retool both its data and its infrastructure.

  • Cybersecurity
    secure network (bluebay/Shutterstock.com)

    Federal CISO floats potential for new supply chain regs

    The federal government's top IT security chief and canvassed industry for feedback on how to shape new rules of the road for federal acquisition and procurement.

  • People
    DHS Secretary Kirstjen Nielsen, shown here at her Nov. 8, 2017, confirmation hearing. DHS Photo by Jetta Disco

    DHS chief Nielsen resigns

    Kirstjen Nielsen, the first Homeland Security secretary with a background in cybersecurity, is being replaced on an acting basis by the Customs and Border Protection chief. Her last day is April 10.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.