Resources for Federal Information Security Management Act (FISMA)

OMB reports 60 percent increase in information security incidents

www.govexec.com

The number of information security incidents reported by federal agencies jumped from 5,146 in fiscal 2006 to 12,986 last year, with a 70 percent increase in unauthorized access to federal networks alone, according to a report from the Office of Management released Saturday.

The results -- which also show a sharp increase in reports of improper usage due mostly to a security breach at the Veteran Affairs Department -- reflect better detection of threats, but also call into question the effectiveness of systems for certifying agencies' information security.

OMB submitted its fiscal 2007 report on the implementation of the 2002 Federal Information Security Management Act to Congress Friday. Under the law, chief information officers and inspectors general are required to conduct annual reviews of their agencies' information security programs.

FISMA also requires agencies to document and implement procedures for detecting, reporting, and responding to security incidents, and to notify the United States Computer Emergency Readiness Team when they occur. According to the report, agencies documented 2,321 incidents of unauthorized access in fiscal 2007, up from 706 in 2006, and 3,305 incidents of improper usage of networks, compared to 638 the previous year. Two-thirds of the latter jump stemmed from incidents at the VA.

View the Resource

Share or bookmarklet this web page at: