Critical security concerns facing government

Challenge 1: Staying compliant

If the government enforces regulations, then its various departments and functions must also comply with those same regulations. Major data security regulations include:

  • Federal Information Security Management Act (FISMA): This is part of the 2002 Homeland Security Act, which mandates how federal agencies should protect their systems and information. It applies to all government agencies and “requires the development and implementation of mandatory policies, principles, standards and guidelines on information security.”
  • Health Insurance Portability and Accountability Act (HIPAA): Government organizations that provide healthcare must abide by this regulation. HIPAA includes both security and privacy rules, and addresses technical and non-technical safeguards.
  • E-Government Act: This act covers management and promotion of electronic government services and processes by establishing a Federal Chief Information Officer (CIO) within the Office of Management and Budget (OMB). It also includes measures that require the use of internet-based information technology to enhance citizens’ access to government information and services.
  • Freedom of Information Act (FOIA): FOIA establishes the public’s right to obtain information from most, but not all, federal government agencies. Individual states have also passed their own FOIAs. While similar to the federal act, they are not identical.
  • Gramm-Leach-Bliley Act (GLBA): Also known as the Financial Services Modernization Act, GLBA’s Safeguards Rule requires organizations to maintain a written information security plan explaining the organization’s approach to protecting clients’ nonpublic personal information.


Challenge 2: Resource allocation

The U.S. federal government spends big on headline solutions; the 2019 U.S. President’s budget includes $15 billion for cybersecurity, an increase of $583.4 million over 2018. State and local government agencies, however, are hard-pressed to secure critical data, infrastructure and services with much smaller budgets.

According to a statement by NASCIO, commercial enterprises typically spend around 10% of their overall IT budget on (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Susan Morrow. Read the original post at: