Thursday, September 16, 2010

Beyond FISMA: State Dept.'s Next Gen Metric - Interview with John Streufert, State Department Deputy CIO and CISO

To get a peek at how IT security will be measured after FISMA, take a look at what's happening at Foggy Bottom.

The State Department in 2006 instituted its Risk Scoring Program, which is aimed at pinpointing and correcting the worst vulnerabilities on any particular day on any of its worldwide systems and networks.

John Streufert, the State Department deputy chief information officer and chief information security officer, says in an interview with GovInfoSecurity.com that the daily monitoring of IT vulnerabilities under Risk Scoring truly measures systems and network security as compared with the once-every-three-year assessment required by the Federal Information Security Management Act of 2002. Because of Risk Scoring, overall risk on State's key unclassified network has plunged by more than 80 percent in the past year.



