Letter: Security rules are only as good as those who obey them

"Gadgets that don’t play by the rules" is a good article on the challenges of adapting to agency responses to the rapidly changing technology landscape, but I have to ask about your comment in the sidebar that states, "Information technology managers...can buy some time by using common sense rules until they can develop a broader strategy."


With all due respect, the alarm went off at the announcement of the Veterans Affairs Department breach. With all hands on deck across the federal government, agency technology managers have been tasked with making sure that their agencies don't get embarrassed by another breach and yet many more have come to light. It's time to seriously look at the root cause: Information is easy to distribute once authorized access is granted. All of the training can be done and all of the policies in the world can be devised to state what is not allowed, but like speeding in your car, without enforcement, laws are only as good as the people obeying them.


Automated enforcement is needed that is transparent and user friendly so as to enable business productivity while enforcing security. Since unknown storage devices can be introduced, then enforcement needs to be at the information level. Industry is already working diligently to address this issue in the areas of the Secure Information Shared Architecture Alliance and enterprise rights management. The alliance would provide much tighter controls over network access offline and on, and a subset of this vetted off-the-shelf interoperability solution includes enterprise rights management to provide enforcement of agency policies and security awareness trainings at the data-level without putting additional strain on security departments. When "gadgets don't play by the rules," then agencies need to change the rules.


Anonymous

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.