05-01-2009, 07:14 AM   #4
The Dad Fisherman
Super Moderator
Join Date: Sep 2003
Location: Georgetown MA
Posts: 18,178
I don't see anything wrong with this bill. With the accelerating level of cyberattacks out there this looks like a good 1st step in the process of defending against them. This bill isn't aimed at all of the internet; it is aimed at Internet accessibility by Federal Agencies, Government Contractors, and companies deemed Vital (Telephone, Electrical, and other Infrastructure services).

There are a lot of good things that are in this bill.

1st Establishing a board whose main purpose is Standardizing a group of procedures and policies that these groups will operate under (No different than any other large company in Corporate America).

2nd is setting up a certification program to make sure that all Security Professionals are trained, certified and re-certified to maintain a high level of knowledge. I am already seeing this where I'm working now...most of the higher level IT admins are being required to be CISSP certified. I have been told that I need to be MCSA+ Security certified by end of August.

3rd They are requiring Software companies to Validate their applications for security flaws before they are purchased for use on the Government Networks. Every time you introduce new S/W you introduce the possibility of new vulnerabilities. This will require software companies to spend extra time fixing Security Vulnerabilities and not just selling functionality.

4th It lays the groundwork to keep and maintain a Trained and certified security workforce. We all know that the nature of IT is to move around a lot....they are addressing this by setting up programs that will keep new and highly trained people entering the security force.

5th They are establishing a process to actually monitor to make sure these procedures are being implemented. This is our national security we are talking about and it needs to be constantly monitored.

I know people tend to freak out when they hear Government and IT in the same sentence and start thinking "Big Brother" but I don't see that in this bill. Thought it might have been in paragraph 17 but after re-reading it, once again, it pertains to Federal Agencies, Government Contractors and Vital Systems. This was nothing more than your typical "Acceptable Use" Policy that most companies have.

"If you're arguing with an idiot, make sure he isn't doing the same thing."