The survey by IT consulting firm Intelligent Decisions Inc. was conducted with the participation of 25 government CISOs. Their concerns over patch management outweighed unease about network compromises, compliance with the Federal Information Security Management Act, cyberattack preparedness, critical infrastructure protection, and the impact of downtime of their business-technology systems.
"Patch management ranked so high because it touches every part of their infrastructure, and there are so many patches coming out that everyone is worried whether or not they're keeping up," says Ted Ritter, director of cybersecurity for Intelligent Decisions.
The survey also showed that, on a typical day, federal CISOs spend three hours completing compliance reports, and roughly one hour per each day is spent on troubleshooting, system administration, and collaborating with vendors. About 30 minutes each day is spent on network monitoring, architecture development, and inventory.
The survey results demonstrate the obstacles of maintaining IT security within the federal government. Says Ritter: "It's clear that CISOs are bogged down on administrative tasks and have precious little time to work on improving their overall security."