
| Subject: | [ISN] OMB emphasizes data security guidance |
|---|---|
| Date: | Tue, 27 Jun 2006 00:27:45 -0500 (CDT) |
http://www.gcn.com/online/vol1_no1/41169-1.html

By Mary Mosquera
GCN Staff
06/26/06

The Office of Management and Budget today provided a checklist of best practices that agencies must have in place in 45 days to compensate for the absence of physical security controls when employees remove information or access it from outside of agency premises.

Most departments should already have the measures recommended by the National Institute of Standards and Technology in place, according to Clay Johnson, OMB deputy director for management.

"We intend to work with the inspectors general community to review these items, as well as the checklist, to ensure we are properly safeguarding the information the American taxpayer has entrusted to us," he said in the memo dated June 23 [1].

Besides the checklist, agencies also by early August must encrypt all data on mobile devices that carry sensitive data and allow remote access only with two-factor authentication. One of those factors should be provided by a device separate from the computer gaining access.

Agencies will implement a "time-out" function for remote access and mobile device users, who will need to re-authenticate after 30 minutes of inactivity.

Agencies will log all computer-readable data extracts from databases holding sensitive information. They must verify that each extract of sensitive data has been erased within 90 days or its use is still required.

OMB provided sample privacy documents for system of records notices for personnel security files, identity management systems, identity card proofing and Privacy Act statement and a Privacy Act statement for users of personal identity verification cards.

Rep. Tom Davis (R-Va.), chairman of the Government Reform Committee, applauded OMB's memo.

"Today's action by the Office of Management and Budget to reinforce security standards for sensitive information controlled by the federal government is a sensible step, given the various data breaches we have seen in recent weeks," he said.

"[G]iven the spotty record of compliance [with the Federal Information Security Management Reform Act] we have seen among the agencies, I sincerely hope this action leads to both better results and better practices-and if not, perhaps Congress will have to step in and mandate specific security requirements."

[1] http://www.whitehouse.gov/omb/memoranda/fy2006/m06-16.pdf