Second Federal CISO Study Reveals Concerns

CISOs concerned over wireless security standards and software quality

"Federal CISOs have spoken loud and clear that it is well past the time for private industry to get serious about software quality," said Harry Martin, president, Intelligent Decisions. "Despite larger budgets and dedicated IT staff, Federal CISOs at larger agencies are becoming just as pressed as small agency CISOs to perform the strategic security management role that FISMA envisioned. Finally, given the scattered deployment of wireless security controls, questions remain as to whether Federal agencies are sufficiently prepared for mandatory standards."

Study Highlights:

  • The FISMA burden continues to grow as Federal CISOs now spend an average of 3.75 hours per day on compliance activities compared to 3.06 hours per day in the first study.
  • The top three trends Federal CISOs anticipate increasing over the next 12 months include: expanding utilization of wireless networks and mobile devices, single sign-on/multifactor authentication, and convergence of database and network security.
  • The top three products Federal CISOs consider most important to their agencies include: network security/firewalls, disaster recovery/continuity of operations planning, and authentication/PKI/encryption devices.
  • The top three activities Federal CISOs identify as the most important for the private sector to consider include: increasing software quality assurance, developing a real-time FISMA compliance tool, and offering guaranteed levels of protection for managed security services.
  • The top three general security concerns of Federal CISOs include: network compromise, patch management, and FISMA compliance.
  • The top three wireless security concerns of Federal CISOs include: unauthorized wireless access points, preventing unauthorized wireless deployments, and rogue WiFi devices.
  • 54 percent of agencies maintaining wireless networks have not implemented the four basic wireless security controls NIST recommends. This finding suggests that the absence of clear, mandatory controls has led to a FISMA disconnect on wireless security, with many Federal agencies failing to ensure that proper controls were in place before rolling out wireless networks.

To download the full study, go to: