Archive for June 25th, 2007

Federal IT Security: The Future of FISMA

June 25th, 2007

By Paul Kurtz

(Editor’s note: Paul Kurtz, COO of Good Harbor Consulting, LLC, recently testified before multiple House Subcommittees regarding the future of FISMA, the Federal Information Security Management Act. We have published an edited version below; you can also download the full testimony in PDF format.)

I am here today to talk about how certain information security developments in the private sector may have an impact on the future of the Federal Information Security Management Act (FISMA) and follow-on information security regulations and controls. FISMA is a good first step in what will surely be a long – and increasingly collaborative – process between the public and private sectors in safeguarding the integrity of the Federal IT infrastructure. However, as timely and well intentioned as FISMA was in 2002, the current law must evolve if it is to be effective in light of new technology and continually emerging threats.

First, I will address the strengths and weaknesses of FISMA as it is currently implemented. Second, I will discuss how changes in the private sector will be a strong factor in how FISMA and general IT security measures within the public sector evolve in coming years. Three specific trends are:

  • The need for greater empowerment of federal Chief Information (Security) Officers
  • The changing nature of IT and information security
  • The global drive towards common security standards
