Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] DHS vows to protect info on national database

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] DHS vows to protect info on national database
Date: Wed, 25 Jan 2006 00:34:45 -0600 (CST) 
http://www.washingtontechnology.com/news/1_1/daily_news/27812-1.html

By Alice Lipowicz
Staff Writer
01/24/06

The Homeland Security Department has stepped up assurances that it
will maintain the confidentiality of critical infrastructure
information submitted to the National Asset Database, according to the
newly revised draft National Infrastructure Protection Plan Base Plan
version 2.0.

DHS will evaluate all requests to view the database and will grant
access only to select DHS employees and others on a "tightly
controlled, need-to-know" basis, the revised plan states.

The new language is set forth in the 234-page national infrastructure
protection plan distributed by DHS this week. The plan was delivered
by e-mail via NIPP@dhs.gov.

The plan establishes a work and time frame for assessing
vulnerabilities and risks and coordinating protections for 17 critical
infrastructure sectors, including IT and telecommunications.  
Cybersecurity is treated as a cross-sector responsibility. The
department will accept comments until Feb. 6.

DHS' assurances about database access appear to address concerns
raised by IT executives and others over protecting confidentiality of
the information they might submit on specific vulnerabilities within
their sectors.

One fear raised by IT industry members is that disclosing weak spots
in their own networks may result in leaks that can be exploited by
competitors.

"We've been concerned about what [DHS] can do to protect the IT
infrastructure information and how they can help protect the critical
assets," said Greg Garcia, vice president of information for the
Information Technology Association of America in Arlington, Va., who
is involved with the IT Sector Coordinating Council organization
efforts.

IT industry members have asked for "originator control" for specific
information they provide to the database, so they can be assured of
its protection, Garcia said. However, that term does not appear in the
new document.

Garcia, contacted today, said he was still reviewing the language
proposed by DHS to give access on a need-to-know basis and to selected
employees only.

The new plan version updates an earlier 175-page draft National
Infrastructure Protection Plan released in November 2005. It reflects
changes in response to nearly 7,000 public comments received on the
previous version, according to a statement from DHS officials.

The new document also contains more information on cybersecurity
initiatives, international cooperation and the goal of resilience.  
"Resilient" and "resiliency" are mentioned 26 times in the updated
plan versus 18 times in the initial draft.

Other changes include a new executive summary, clarification of
all-hazards linkages, and explanations of requirements pertaining to
the risk management framework, according to DHS in a statement.



_________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] DHS vows to protect info on national database, InfoSec News <=
Previous by Date:  [ISN] Hacker who gave to poor gets on wrong side of law, InfoSec News
Next by Date:  [ISN] Linux struck by major security hole, InfoSec News
Previous by Thread:  [ISN] Hacker who gave to poor gets on wrong side of law, InfoSec News
Next by Thread:  [ISN] Linux struck by major security hole, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]