Much has been made of President Obama’s “ten-point” information security plan, some good, some bad. It made front-page news last month as information compromises seem to be spiraling out of control. The initiative has largely been praised by those in the information security community, as the government is placing a high priority on keeping electronic information safe. A few observations on Obama’s plan:
- Perhaps the most celebrated point of this plan is to put one person in charge of the national cybersecurity program. This way, there is one so-called “cyber-czar” with chief accountability for ensuring that actions are executed.
- The ten-point plan describes cybersecurity as, in the words of GovInfoSecurity.com, a “key management priority” that will utilize performance metrics. It will be especially interesting to see how the success of this undertaking will be measured.
- The plan prioritizes public awareness and education about information security on the internet. Currently, many cybercriminals are realizing that the easiest way to compromise data is not through weaknesses in the technological infrastructure, but through the weakness and ignorance of the people using the information systems, exploited with social engineering tactics.
An educated and aware populace will ideally be one of the keys to securing data online. For example, this week Australia promoted “Change Your Password Day” with a self-explanatory call to action. It is also worth noting that, in a recent study, a high percentage of system users had very simple passwords that were easy for them to remember, and for others to guess. Sixteen percent of users, according to a Cyber-Ark study, had their own first name as their password.
- The plan also emphasized the need for the United States to reach out internationally on these initiatives, which is important. Several major cyber-fraud plots have been perpetrated overseas, and some Russian and Ukrainian hackers are hailed as heroes for stealing money from wealthy Westerners. This incentive to steal can be counteracted by harsher penalties in their own countries. Though such penalties certainly will not eliminate the problem completely, strong global measures against cyber-fraud will help create a disincentive to carry out intricate hacking and social engineering activities.
GraVoc Associates, Inc., celebrating fifteen years of business in Peabody, MA, is committed to serving clients in three areas: information systems, technology and professional services, and information security. GraVoc occasionally uses the GraVoc News Blog to alert information security clients to certain items of interest. To learn more about GraVoc’s products and services, please visit GraVoc.com.