The International Information Systems Security Certification Consortium, (ISC)², an information security non-profit, recently released The 2010 State of Cybersecurity from the Federal CISO’s Perspective. The report is based on a survey of a cross-section of U.S. government CISOs and gathers their views on the current state of cybersecurity.
The number of CISOs who felt they were able to impact the security posture of their agency went down from 2009 to 2010, which is a bit worrying. The top-cited vulnerabilities and incidents were software, poorly trained users and insider threats.
Highlights from the survey:
- CISOs perceive software vulnerabilities (27%) as the most severe threat, followed by insiders (24%)
- CISOs see their duties becoming more political-/policy-oriented
- 72% do not use cloud computing because of high levels of uncertainty around being able to replicate IT security policy in the cloud and data loss prevention
- Three quarters of CISOs believe they have data security policies in place to balance the needs of transparency and information protection
The report recommends several things, including:
- Funding is needed to protect government networks
- CISOs need to be given the flexibility and creativity to compete with the private sector for qualified staff
- There needs to be a continuing and stronger emphasis on protection and management of data - not just focusing on threats and attacks