Study Reveals Software Quality Concerns

Points to Significant FISMA Disconnect: Is the Cure Worse Than the Disease?

Intelligent Decisions, Inc., a systems integrator in the Washington, D.C., metropolitan area, announced the results of its first annual Federal Chief Information Security Officer (CISO) Study. Across the board, Federal CISOs ranked patch management as their number-one security concern, pointing directly to significant issues with commercial software quality. The study highlights cyber attack preparedness, Federal Information Security Management Act (FISMA) compliance, and network compromise among the major concerns that keep CISOs up at night.

The Intelligent Decisions Federal CISO Study, which draws on telephone interviews with 25 of the total population of 117 Federal agency CISOs, is based on the first empirical survey of these executives. The goal of the study is to examine the role of the Federal CISO and to understand their daily duties, budget, and management responsibilities. The study outlines current and future IT security priorities, trends, and concerns, as well as attitudes toward commercial security vendors.

The study reveals a class divide among Federal CISOs: those who control less than $500,000 and those who control more than $10 million in annual information technology (IT) spending. The security "have nots" are loaded down with administrative tasks and challenged to get to strategic security management functions. This class of CISOs devotes 45 percent of its time to FISMA compliance reporting, an administrative task, and just 22 percent of its time to the high-value security management functions (architecture development, inventory control, and vendor collaboration) that FISMA is supposed to encourage. The security "haves" spend 27 percent of their time on FISMA compliance reporting. This class devotes almost 50 percent of its time to high-value security management functions.

"It is clearly time for private industry to get serious about software quality," said Harry Martin, president, Intelligent Decisions. CISOs rank product quality and past performance as the two most important criteria for evaluating vendors and solution providers. The weight of mechanical FISMA compliance reporting is clearly an issue for smaller agencies. Sixty-three percent of Federal CISOs at small agencies are calling on industry to develop a real-time FISMA compliance tool. It would be logical to develop such an offering as a managed service to reduce the financial and administrative burden on these smaller agencies.

Other key study findings:

CISOs who control less than $500,000 annually:

  • Spend 45 percent of their time on FISMA compliance reporting, 13 percent on troubleshooting, nine percent on network monitoring, nine percent on collaborating with vendor/contractor partners, eight percent on system administration, six percent on architecture development, and six percent on inventory control

  • Consider the top three most important products/services to their agency to be network security/firewalls, intrusion detection/prevention systems, and authentication/PKI/encryption devices

  • Supervise 2.6 dedicated IT staff on average

  • Have served 3.2 years in their position on average

CISOs surveyed who control more than $10 million:

  • Spend 27 percent of their time on FISMA compliance reporting, 18 percent on collaborating with vendor/contractor partners, 18 percent on troubleshooting, 15 percent on architecture development, 12 percent on inventory control, nine percent on network monitoring, and zero percent on system administration

  • Consider the top three most important products/services to their agency to be authentication/PKI/encryption devices, biometrics for user log-on authentication, and security information management tools

  • Supervise 16.7 dedicated IT staff on average

  • Have served three years in their position on average

For study results, visit: http://www.govpro.com/ASP/ViewArticle.asp?strArticleId=104188

About Intelligent Decisions

Intelligent Decisions (ID) is a certified small, minority-owned business and a provider of comprehensive IT solutions. For more than 15 years, ID has solved clients' most challenging IT problems by leveraging its core areas of expertise in data lifecycle management; cyber and physical security; network operations; product solutions; contract manufacturing; and specialized security services supporting the Intelligence community.

To support federal procurement requirements, ID manages a robust GSA Schedule, Government Wide Acquisition Contracts (GWACs) including SEWP III, ECS III and ADMC-1, and a significant number of agency Blanket Purchase Agreements (BPAs). For more information about ID, visit http://www.intelligent.net or call toll-free 800-929-8331.

© 2008 Penton Media Inc.
