Federal Security Practitioners Admit: We’re Not Prepared to Meet Continuous Monitoring Deadline

SANTA CLARA, Calif., Dec. 14, 2011 /PRNewswire/ -- In a blow to one of the key cyber-security initiatives advanced by White House leaders, federal IT security professionals admit that efforts to adopt continuous monitoring of security performance lag far behind the Obama administration’s expectations. Although the White House has advanced continuous monitoring as a primary national cyber-security initiative, an overwhelming majority of government practitioners now doubt their ability to fully implement it during fiscal 2012, according to a new survey published today by RedSeal Networks and Dimensional Research entitled "Government Security Practitioner Survey: Countdown to Continuous Monitoring."

Interviews with 234 IT security professionals at the 2011 7th Annual GFIRST National Conference found that only 28 percent of federal security executives feel their agencies will meet the OMB deadline for continuous monitoring. Key highlights from the survey include:

  • Only 55 percent of all respondents said they either won’t be ready or don’t know if their organizations will be ready in September.
  • Only 22 percent of respondents said their agencies have already deployed continuous monitoring solutions.
  • An overwhelming majority, 64 percent, said that continuous monitoring and its increased use of security metrics will improve security management.

In addition, many government IT workers remain uncertain where their organizations stand in adopting continuous monitoring. Security professionals from nearly every major federal agency, along with many large government contractors, were among respondents to the RedSeal-Dimensional GFIRST survey.

"Government security practitioners are under serious pressure to deliver metric-based security monitoring," said Dr. Mike Lloyd, Chief Technology Officer at RedSeal. "Commercial and government organizations agree that continuous compliance and measurable security will help us respond to the onslaught of successful attacks and ongoing breaches that we are facing. So it’s disturbing that less than half of the agencies surveyed said they are ready to deliver the measurements required for the 2012 FISMA deadline."

Other key findings of the survey:

  • The majority of the agencies represented, at 55 percent, stated they do not currently have the tools necessary to meet the OMB directive or are unaware if they do.
  • Only 33 percent of those small agencies participating indicated they will have required security measures in place to meet the deadline.
  • At least 33 percent of the government networks represented have over 100 devices that require security configurations.
  • A full 25 percent of those agencies represented admitted that they didn’t know how many devices on their networks contain security policy enforcement.

"It’s extremely disappointing to see that even though the government issued these directives for continuous monitoring years ago, the people charged with implementation are not far enough along in acquiring or deploying the systems necessary to meet the requirements," said Major General John Casciano (USAF-Ret.), an advisor to RedSeal. "Perhaps even more troublesome, it’s clear that there’s still a fundamental lack of understanding of what continuous monitoring involves, with too many practitioners lacking an understanding of the proactive risk management element, versus monitoring packets in transit."

Survey Methodology: The survey was administered to attendees at the 2011 7th Annual GFIRST National Conference. It was conducted on the tradeshow floor in the RedSeal booth. The research was commissioned to gather data on agencies’ ability to meet the 2012 federal security and monitoring mandates as outlined in the OMB and FISMA directives. This report was prepared in December 2011 based on responses from 234 security professionals. The survey sponsor, RedSeal, was revealed to participants prior to their participation. Drawings for an iPad were offered to survey participants, but participation was not required for eligibility.

Follow this link to the full report: https://go.redsealnetworks.com/Surveys_LP_ContinuousMonitoring.html

About Dimensional Research

Dimensional Research® provides practical marketing research to help technology companies make their customers more successful. Our researchers are experts in the people, processes, and technology of corporate IT and understand how corporate IT organizations operate. We partner with our clients to deliver actionable information that reduces risks, increases customer satisfaction, and grows the business. For more information visit www.dimensionalresearch.com.

About RedSeal Networks, Inc.

RedSeal Networks enables our customers’ IT security management and staff to continuously understand the security state and regulatory compliance of their network and information systems, recognize the resulting risk to their operations and assets, and identify and drive actions to improve security and reduce risk. Unlike systems that measure the impact of attacks after they occur, RedSeal analyzes the complex interaction of all network security controls, delivering in-depth understanding of security performance, continuous compliance, and actionable steps for risk remediation. For more information on RedSeal products please visit the company’s web site at www.redsealnetworks.com and follow us on Twitter @RedSealNetworks.

SOURCE RedSeal Networks, Inc.

About the author: Lee J

Security Analyst, Developer, OSINT, https://www.ctrlbox.com
