We give the federal government data all the time. How well do they safeguard it? Here's a report, authored by Republican Representative Tom Davis, ranking minority member of the House Committee on Oversight and Government Reform, reported on in Ziff Davis' Digital Infrastructure Zone. The quick pic: [attachmentid=7970] There, now don't you feel better? VA, Treasury, State, NRC, Interior, Education, Defense, Commerce, Agriculture, NASA, Homeland Security — who has anyting to do with them?
<div class='quotetop'>QUOTE(Bill Merchant @ May 11 2007, 03:00 PM) [snapback]440157[/snapback]</div> Although, from what I've read on this, this is a grade not on their actual security, but on whether they turned in a report on their security. Critics of the process have called the annual FISMA reports more of a paperwork exercise than an accurate representation of the security of federal agencies' computers and networks. They say the reports do not require or give agencies credit for taking certain types of security precautions, such as penetration tests to locate gaps in security defenses. http://www.washingtonpost.com/wp-dyn/conte...7041201010.html
<div class='quotetop'>QUOTE(Bill Merchant @ May 15 2007, 04:50 PM) [snapback]442761[/snapback]</div> No of course not -- didn't mean that. I just wanted to bring up the point that this was a grade on a paper report rather than on an actual test of network security. If the grade was based on an actual test of security, I would find it a great deal more alarming.
I do some occasional contract work for FEMA, under DHS. Though I've been doing the work for almost 7 years, it's been only in the last few months that they've decided to do a background check on all of us (go figure!). I recently had to complete an extensive online form to provide information for the investigation. In addition (apart from that), I have to register in the federal government's Central Contractor Registration database, which contains a variety of personal and private information. I hope Scott's right.
