In a sign that the traditional information security audit was failing to control increasing cyber-risk, the Office of Management and Budget has ordered federal agencies to adopt a real-time approach to cyber threats. In a memo issued Wednesday, Agencies will be expected to constantly collect information on cyber threats and submit it to the Homeland Security Department, which will analyze the data and offer advice on best practices.
"Agencies have spent too much time, money and energy on generating paperwork that they end up filing away in these secure cabinets and they don't end up protecting systems," said Vivek Kundra, the government's chief information officer, in an interview published in Federal Times.
Kundra and Howard Schmidt, White House Cybersecurity Coordinator, said that the new policy points toward continuous monitoring and patching of federal systems, and also toward the deployment of cybersecurity systems that better position the government against constantly evolving threats.
Read the entire story and download the OMB Memo at Information Week ...