Infosecurity (USA) - White House cybersecurity proposal shifts FISMA responsibility to DHS - 0 views
www.infosecurity-us.com/...ts-fisma-responsibility-to-dhs
security Privacy compliance FISMA DHS Best Practice
shared by sandy ingram on 07 Jun 11
- No Cached
-
This would in effect shift FISMA implementation responsibility away from the Office of Management and Budget (OMB) and the National Institute for Standards and Technology (NIST) to DHS, “where the knowledge of attacks informs the defense”, Paller said.
-
“DHS has already demonstrated that they are focusing on the critical controls....They are focusing on effectiveness measures, rather than make work”
-
The proposal would also expand the DHS authority over cybersecurity of private networks, particularly critical infrastructure. DHS would have the authority to develop and conduct risk assessments of private sector critical infrastructure systems and share information with the private sector about threats and best practices.
- ...5 more annotations...
-
“This brings the same rationality to offense informing defense. Instead of telling people that they have to have a good security plan, what DHS’s role will be is to demonstrate what best practices are and make sure people are measuring against those best practices”, Paller said.
-
The White House proposal would also create a national data breach notification requirement standardizing various state laws
-
“The administration's proposal would protect individuals by requiring businesses to notify consumers if personal information is compromised, and clarifies penalties for computer crimes including mandatory minimums for critical infrastructure intrusions.
-
The proposal would improve critical infrastructure protection by bolstering public-private partnerships with improved authority for the federal government to provide voluntary assistance to companies and increase information sharing.
-
It also would protect federal government networks by formalizing management roles, improving recruitment of cybersecurity professionals, and safeguarding the nation's access to cost-effective data storage solutions.”
-
The White House proposal, which is a comprehensive cybersecurity plan, includes a provision directing the Department of Homeland Security (DHS) "to exercise primary responsibility within the executive branch for information security. This includes implementation of information security policies and directives and compliance" with FISMA, except for national security systems.