Telos Study Reveals Strong Chief Information Security Officer Support For FISMA Intent, Questions about Effectiveness; Federal CISOs "Grade" Federal Computer Security Report Card - C
Business Wire, Feb 16, 2005
ASHBURN, Va. -- Telos(R) Corporation, a leading provider of government-validated, secure enterprise solutions, today announced the results of its first Federal Computer Security Report Card Chief Information Security Officer (CISO) Study. Federal CISOs gave the Federal Computer Security Report Card a C grade. Specifically, CISOs note that while the Report Card successfully focuses attention on federal computer security, there is significant room to improve evaluation criteria and establish a more linear connection to agency funding.
Agency grades in the Federal Computer Security Report Card, issued annually by the Government Reform Committee, are largely based on FISMA security evaluations as defined in the Federal Information Security Management Act (FISMA) of 2002. FISMA evaluations are administered by the Office of Management and Budget.
"Considering operational responsibility for federal agency IT security, the buck stops with the CISO on a day-to-day basis," said Representative Tom Davis (R-Va.), chair of the House of Representatives Government Reform Committee. "This study provides an important representative voice for the CISO community to ensure that FISMA's purpose is not lost in the process."
CISOs attribute this year's overall improvement in Report Card grades to, among other things, an enhanced agency management focus on security and system certification and accreditation streamlining.
While 60 percent of CISOs assert that FISMA and the Federal Computer Security Report Card grades provide valuable insight into agency computer security, an equal number question the impact of Report Card grades on agency budgets - noting that agency IT security funding is not affected by Report Card grades. Considering the impact at the broader IT funding level, 70 percent of CISOs assert that poor Report Card grades have no impact on overall agency IT funding.
"If there are no incentives for agencies to continue to comply with FISMA requirements, what is the point?" said Richard P. Tracy, chief security officer, Telos Corporation. "This study suggests that CISOs have feedback that would be useful for increasing the effectiveness of risk management."
Other key Federal Computer Security Report Card CISO Study findings include:
-- Sixty-three percent of CISOs report an improved Report Card grade this year, citing as the top reasons for improvement:
   -- Establishing enforceable internal IT security policies that reflect FISMA compliance goals - 50 percent
   -- Devoting more resources to certification and accreditation - 40 percent
   -- Emphasizing cyber security within their internal workforce - 33 percent
   -- Streamlining the certification and accreditation process - 30 percent
-- To improve the value of FISMA and the associated Report Card, CISOs recommend that OMB consider clarifying FISMA language guidelines (70 percent) and providing improved guidance on the annual agency security control tests (53 percent)
-- While FISMA requires direct CISO-to-CIO reporting, today almost a quarter of CISOs still do not report directly to their agency's CIO
Results of the Federal Computer Security Report Card CISO Study are based on telephone interviews with 26 percent of the nation's federal agency CISOs - individuals charged with securing the federal government's computer networks.
To download the full findings of Telos' Federal Computer Security Report Card CISO Study, please visit the Spotlights section on www.telos.com.
About Telos
Telos Corporation has provided innovative IT solutions and services to the federal government for more than 30 years. Telos and Xacta Corporation, its subsidiary for security solutions, have since 1989 ensured that the government's most security-conscious organizations comply with demanding federal and DoD information security mandates. Xacta's offerings include enterprise IT security management solutions, enterprise security consulting services, secure wireless networking, enterprise messaging, and secure credentialing solutions. Its solutions are represented to the federal government on Telos' GSA schedule. For more information, visit www.telos.com.
"Telos" is a registered trademark of Telos Corporation. All other product, service, and company names are trademarks or registered trademarks of their respective holders.


