Feb 02 2008

Security Quest

In an age of ever-evolving systems capabilities, the quest for security never ends. As soon as one area of vulnerability is addressed, another attack emerges that no one quite anticipated. It’s just the nature of the game.

IT administrators face the daunting task of ensuring that they explore every possible avenue to foil hackers, short-circuit information crooks, thwart terrorists from causing untold mayhem, protect networks from nonmalicious security lapses from within and simply make sure we don’t inadvertently lose vital information.

In “Tools of the Trade,” FedTech spoke to five federal IT security executives about their strategies and the tools they use to arm themselves against potential threats. Not surprisingly, these IT security chiefs report that the most important weapon in their arsenals isn’t the products they use, but dedicated and trained personnel and end users.

Team Tactics

It’s an experienced security staff that makes the difference when separating false alarms from real threats, points out Lou Magnotti, chief information security officer for the House of Representatives.

If money were no object, CISO John Hannan says he would invest in “training and more training” for his crack team at the Government Printing Office.

Tom Madden, CISO at the Centers for Disease Control and Prevention, concurs. Madden invests as heavily in training for his staff as he does in tools to protect sensitive personal information.

Over at the Postal Service, CISO Pete Stark takes a layered approach to security but keeps focused on protecting the devices on the network perimeter with full-disk encryption. In terms of tools that make a security difference, Dara Murray, CISO at the Health and Human Services Department, puts tokens and smart cards for deploying technology to remote workers on her wish list.

But when it comes to managing enterprise security, tools that are increasingly important to federal security officers include intrusion detection systems, desktop and network firewalls, encryption tools, log reports for detecting anomalies and suspicious activity, and automated alarms for keeping IT informed whenever a hack occurs. For the full story, go here.

In the past, security tools loaded on the perimeter of servers and gateways were sufficient. But as the network perimeter evolves and more data resides elsewhere, protecting the perimeter is as tricky as defining it. Luckily, the IT pros charged with this task are well-equipped.

Lee Copeland signature

Lee Copeland

Editor in Chief

Really in the Field

About two years ago, I had the pleasure of interviewing Lisa Schlosser, CIO for the Housing and Urban Development Department. She had just finished her first year on the job at HUD, though she had spent her entire career in information technology, serving in the private sector with Ernst & Young and as an intelligence officer in the Army. As the incoming CIO, Schlosser faced a number of challenges at HUD, including failing grades from the Office of Management and Budget on the agency’s security certifications and systems accreditation. She was off to a great start on improving HUD’s OMB grades — the agency went from a red to a green rating during her first year at the helm — when Hurricane Katrina struck, providing another opportunity to sharpen her management skills.

But, Schlosser’s work at HUD was put on hold when she was called up to serve as an Army reservist in Operation Iraqi Freedom. Today, Maj. Schlosser manages IT with the 1st Information Operations Command, Regional Computer Emergency Response Team in Kuwait, supporting U.S. military forces in cyberspace. Surprisingly, many of the challenges Schlosser faces overseas are similar to the ones federal IT professionals face on U.S. soil: system availability, data security and Internet access. For more on her story, turn to “CIO on the Front Line."

<p>Photo: Orlando Copeland</p>

Related Articles

Close

Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT

Subscribe Now