In most organizations, keeping business computer systems and infrastructure secure from intrusions and hacking is one of the most critical functions performed by IT staff. Now, new information from the Government Accountability Office indicates that the Department of Homeland Security could do far more to help with this task.
According to the GAO, most of the plans the government has prepared to protect computer infrastructure fail to provide clear enough advice on cyber security. “Given the plethora of guidance available, individual entities within the [private] sectors may be challenged in identifying the guidance that is most applicable and effective in improving their security posture,” wrote Gregory Wilshusen, who serves as the director of information security issues at the GAO. “Improved knowledge of the guidance that is available could help both federal and private-sector decision makers better coordinate their efforts to protect critical cyber-reliant assets.”
The DHS has already begun to coordinate with a public-private organization known as the Critical Infrastructure Partnership Advisory Council. Part of the planned work is determining whether each type of industry needs separate cyber security standards. This is already somewhat typical in the private sector, where skilled managed programs experts visit on a regular basis to tailor security protocols and procedures to the needs of a given business. Some business sectors are regulated and must comply with specific computer security mandates as they implement IT solutions, while others are able to adopt security measures on a voluntary basis.