Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Digg this story   Add to del.icio.us  
Security is About Outcomes, FISMA edition
adam, Emergent Chaos 2009-09-30
Over at the US Government IT Dashboard blog, Vivek Kundra (Federal CIO), Robert Carey (Navy CIO) and Vance Hitch (DOJ CIO) write:
the evolving challenges we now face, Federal Information Security Management Act (FISMA) metrics need to be rationalized to focus on outcomes over compliance. Doing so will enable new and actionable insight into agencies' information and network security postures, possible vulnerabilities and the ability to better protect our federal systems. ("Moving Beyond Compliance: The Status Quo Is No Longer Acceptable")
I'm tremendously excited to see this because back in April I wrote "Security is about outcomes, not about process." I don't know that I can claim credit for this, but it's nice to see how far the meme has gone.




The information, views, and opinions contained on this page are those of the author and do not necessarily reflect the views and opinions of SecurityFocus.






 

Privacy Statement
Copyright 2009, SecurityFocus