[ISN] Security bosses feel patch pain

InfoSec News isn at c4i.org
Tue Nov 23 06:24:38 EST 2004


By Florence Olsen 
Nov. 22, 2004

A survey to be released today cites patch management as the No. 1
concern of chief information security officers in the federal

The survey, conducted by O'Keeffe & Co. for Intelligent Decisions, a
federal systems integrator, highlights the day-to-day concerns of
federal CISOs and the effects that the Federal Information Security
Management Act has had on them professionally.

"The fact that they're saying software quality and patch management
are way up there in terms of their pain — that's a pretty clear
message to the vendor community that we need to figure out how to
solve that problem," said Ted Ritter, director for cybersecurity at
Intelligent Decisions.

In the survey results, achieving FISMA compliance and avoiding a
compromised network tied for second place among the concerns of
federal CISOs.

The survey results also showed CISOs spending a large portion of their
time on administrative activities related to FISMA compliance, with
the burden falling heaviest on those with the smallest staffs, whose
average full-time security staff is 2.6 employees. Federal CISOs who
control a budget of less than $500,000 spend 45 percent of their time
on FISMA compliance reporting and only 15 percent of their time on
network security monitoring and inventory control.

By contrast, CISOs who control a budget of more than $10 million spend
27 percent of their time on FISMA compliance reporting and an equal
amount of time on network security monitoring, systems administration
and troubleshooting.

The telephone survey was based on interviews with 25 out of 117
federal CISOs.
