A new report out from the Office of the Inspector General claims the Nuclear Regulatory Commission’s cybersecurity center isn’t optimized to protect the agency’s network in the current cyber threat environment. The nation’s unclassified nuclear computer systems are vulnerable to cyber attacks because of generic security contracts that don’t spell out who is responsible for keeping an eye on them. Tim Erlin, director of IT security and risk strategy for Tripwire have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tim Erlin, Director of Security and Product Management at Tripwire :
“It’s always less costly to build security in from the beginning instead of bolting it on at the end. This adage is true of both code and contracts. When IT outsourcing relationships are formed, information security is rarely at the top of the list of priorities.
Securing computing systems isn’t a static task that can be easily described in contractual language. While there are best practices that can be specified, a reference to an established framework that can keep up with the changing threat environment may be a better approach.”[/su_note]
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service providers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business-context and enable security automation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and policy management, file integrity monitoring, vulnerability management and log intelligence.[/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.