U.S. agencies show ‘limited’ progress in improving cybersecurity measures

Weaknesses show that information security continues to be a major challenge for federal agencies.

Federal agencies have been inconsistent in their plans to implement cybersecurity measures mandated by the Federal Information Security Management Act of 2002 (FISMA), according to a new report released by the U.S. Government Accountability Office (GAO).

FISMA requires each federal agency to establish an information security program that incorporates eight components, and each agency inspector general to evaluate and report on the information security program and practices of the agency annually.

By 2012, 24 major federal agencies had established many of the components of an information security program required by FISMA; however, they had only partially established others. The report does not break down findings by agency.

These and other “weaknesses show that information security continues to be a major challenge for federal agencies,” the report stated. “Until steps are taken to address these persistent challenges, overall progress in improving the nation’s cybersecurity posture is likely to remain limited…we have identified the protection of federal information systems as a government-wide high-risk area since 1997,” the report continued. “Since that time, we have issued numerous reports making recommendations to address weaknesses in federal information security programs.”

The act also requires the Office of Management and Budget (OMB) to develop and oversee the implementation of policies, principles, standards and guidelines on information security in federal agencies and the National Institute of Standards and Technology (NIST) to develop security standards and guidelines.

In regard to the extent to which agencies implemented security program components, the report revealed mixed progress from 2011 to 2012. For example, according to inspectors general reports, the number of agencies that had analyzed, validated, and documented security incidents increased from 16 to 19, while the number able to track identified weaknesses decreased from 20 to 15.

Cybersecurity is no longer just the purview of IT departments, but rather the concern of entire organizations, from workers who bring their own devices to the office all the way up to the highest C-level executives, and this includes a crucial role for general counsel.

The NIST released a preview of what could be forthcoming cybersecurity standards. The “discussion drafts,” which the NIST made available in early September, are being developed as a part of President Obama’s cybersecurity executive order.

Editor in Chief

Erin E. Harrison

Erin E. Harrison is the Editor in Chief of InsideCounsel magazine. Harrison’s professional background includes extensive expertise in both print and online media, highlighted by...
