A new study shows that many IT security and compliance workers employed by the US government and contractors name the dysfunctional Congress and poor governance “the biggest security threat” they face.On the other hand, of the 111 respondents that took part in the study conducted by Tripwire and the Government Technology Research Alliance (GTRA), 60% believe that the new NIST framework will be highly beneficial for security.
Furthermore, 55% believe that the current administration’s policies have led to improvements in IT security. Continuous monitoring efforts have resulted in risk reduction, 46% of the respondents said.
“Cybersecurity continues to be one of the top priorities of senior executives in the federal government,” commented NIST’s Ron Ross.
“Studies, such as this one, bring together important data points that help decision makers assess trends and take part in an ongoing dialog that will help us craft effective solutions to our difficult and challenging cybersecurity problems.”
When asked about the challenges they face, almost half of respondents said the biggest problem with implementing cybersecurity programs was funding. Only 37% have the resources they need to properly implement policy.
“It is encouraging that government security and compliance professionals are seeing benefits from continuous monitoring and that they are optimistic about future improvements through the new NIST framework. However, the survey results highlight the fact that resource constraints are a significant inhibitor to stronger security,” said Dwayne Melancon, chief technology officer for Tripwire.
“Unfortunately, it seems that agencies still fear the auditor more than the adversary. Their biggest concern is becoming compliant, and while compliance can help improve security, it is not the most significant threat to achieving the mission for most organizations.”
The complete study can be downloaded from Tripwire’s website (registration required).