[Dataloss] OMB tightens IT security incident rules

From: lyger (lygerattrition.org)
Date: Fri Jul 14 2006 - 06:07:47 CDT


Courtesy InfoSec News and WK:

http://www.gcn.com/online/vol1_no1/41334-1.html

By Mary Mosquera
GCN Staff, 07/13/06

Agencies must now report all security incidents involving personally
identifiable information within one hour of discovering the incident, the
Office of Management and Budget said in a memo tightening information
security notification procedures.

OMB also added new requirements for incorporating the cost of security in
agency IT investments for fiscal 2008 IT budget submissions.

The Federal Information Security Management Act of 2002 requires all
agencies to report security incidents to the U.S. Computer Emergency
Readiness Team (US-CERT) within the Homeland Security Department.
Procedures require agencies to report according to various time frames
based on the type of incident.

OMB has strengthened notification procedures by making the one-hour
requirement standard for both electronic and physical security, and for
suspected as well as confirmed security breaches.

"You should report all incidents involving personally identifiable
information in electronic or physical form and should not distinguish
between suspected and confirmed breaches," said Karen Evans, OMB
administrator for e-government and IT, in the memo dated yesterday.

[...]

_______________________________________________
Dataloss Mailing List (datalossattrition.org)
http://attrition.org/errata/dataloss/