https://fcw.com/articles/2019/09/24/dhs-fisma-johnson.aspx
By Derek B. Johnson
FCW.com
September 24, 2019
The Department of Homeland Security's information security practices have gone
from good to better, according to a new inspector general audit.
Measuring via a five-point scale developed through the Federal Information
Security Modernization Act, DHS improved its scores for the "protect"
(developing and implementing appropriate safeguards of critical services) and
"detect" (monitoring for irregular system activity) functions from a three out
of five to four. That gives the department a score of four out of five in all
FISMA cybersecurity functions except "recover," which remains at a three.
The "protect" function encompasses activities like properly configured
workstations with core security settings, strong identity and access management
controls, a clearly defined data protection and privacy policy and regular
security awareness trainings for staff.
Two areas where DHS was dinged: spotty patching and a lack of effective metrics
to measure how its networks perform in blocking attempts at data exfiltration.
[...]