I see at the bottom of this article that the feds are calling for more stringent data security rules and while they do need tightening, at the end of the day it is the federal governments mindless drive to meet the documentation requirement and check the box without a clue as to how to implement controls operationally. I should also say that the few who have a clue lack management and budgetary support. The fed should focus on actual operations security (i.e. where the rubber meets the road).

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/498/1937#1937