nCircle.com >> 360 Security

Federal IT Security Trends

Cisco has produced a somewhat interesting study on changing security trends in the federal space. Carolyn Duffy Marsan has kindly written an article at Network World to tell us about it. Let me offer first a favorite criticism of mine: if you are producing a story about some survey, another story, a press release, legislation, etc., please please please provide a link to the original item! Now, maybe this survey isn't publicly available, but I don't know that. I can research it and find out, I'm sure, but part of the value the article brings should be to make that task easier.

One thing in particular caught my attention in these survey results. "More than half of the survey respondents cited funding, existing architectures and the lack of standards as significant barriers to improving network security." Funding is certainly no surprise as a barrier. I think there's probably something wrong with the market if vendors aren't pushing the budgetary envelope, and there's definitely something wrong with the purchasing process if the agencies aren't pushing back. The other two barriers mentioned are more interesting, and actually related. The 'existing architectures' as a barrier indicates that vendors aren't delivering on the promise of integration into existing systems. Alternatively, it demonstrates how the lack of standards in the past has developed into a problem. A good standard, like XCCDF, can make integration easier. On the other hand, standards create commoditization in the market, and that means vendors have to work harder to differentiate themselves from their competitors.

Interestingly, Google happily remembers last year's survey as well. Last year, "The most significant barriers (referred to as 'mountains versus molehills' in the survey) to improving an agency's network security capabilities include funding and budget, and other projects getting higher priority." So funding is a constant. No surprise there, but the priorities have shifted so that integration is key, but project priority is no longer a problem. Also, no mention of standards at all.

There are other juicy tidbits in the article as well, but I'll let the interested pursue them on their own.

About

This page contains a single entry from the blog posted on November 13, 2006 7:26 AM.
