Around 30 agency chief information security officers gave the
federal computer security report card a grade of C, according
to a survey of 26 federal CISOs conducted by the Telos
Corporation, a provider of “secure enterprise solutions” to the
federal government.
The survey revealed that CISOs support the intent of FISMA
but question its effectiveness. Respondents noted that while
the report card does tend to focus attention on computer
security, the grades ultimately do not determine IT security
funding and therefore have limited impact.
“If there are no incentives for agencies to continue to
comply with FISMA requirements, what is the point?” said
Richard P. Tracy, chief security officer, Telos Corporation.
“This study suggests that CISOs have feedback that would be
useful for increasing the effectiveness of risk management.”