Federal CISOs Rank Patch Management As Biggest Obstacle
Survey by Intelligent Decisions indicates that patch management leaves less time for chief information security officers to work on improving overall security.
Patch management is the biggest problem facing many federal chief information security officers, shows a study released today.
The survey by IT consulting firm Intelligent Decisions Inc. was conducted with the participation of 25 government CISOs. Their concerns over patch management outweighed unease about network compromises, compliance with the Federal Information Security Management Act, cyberattack preparedness, critical infrastructure protection, and the impact of downtime of their business-technology systems.
"Patch management ranked so high because it touches every part of their infrastructure, and there are so many patches coming out that everyone is worried whether or not they're keeping up," says Ted Ritter, director of cybersecurity for Intelligent Decisions.
The survey also showed that, on a typical day, federal CISOs spend three hours completing compliance reports, and roughly one hour per each day is spent on troubleshooting, system administration, and collaborating with vendors. About 30 minutes each day is spent on network monitoring, architecture development, and inventory.
The survey results demonstrate the obstacles of maintaining IT security within the federal government. Says Ritter: "It's clear that CISOs are bogged down on administrative tasks and have precious little time to work on improving their overall security."
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?