http://gcn.com/blogs/cybereye/2014/12/va-cybersecurity-documentation.aspx
By William Jackson
GCN.com
Dec 05, 2014
The Veterans Affairs Department has been dinged once again by the
Government Accountability Office for lack of follow-through in its
cybersecurity operations. In a recent report, VA Needs to Address
Identified Vulnerabilities, the GAO warned that unless VA’s security
weaknesses are fully addressed, “its information is at heightened risk of
unauthorized access, modification and disclosure, and its systems at risk
of disruption.”

The problem cited in the report is not so much that VA is doing a bad job
securing its networks and systems, but that it has not properly documented
security activities and has not developed action plans and milestones for
correcting problems.

Documentation and planning are more than busywork. Although it is true
that checking boxes and creating reports will not by themselves improve IT
security, without them it can be difficult if not impossible to assure
what has been done, that it has been done properly and that it can be
repeated if necessary.

These processes can make the difference between constantly fighting
brushfires and being able to effectively protect an agency enterprise and
improve its security posture.
[...]