Denial of Service
The largest and most sophisticated denial of service attack I am aware of occupied the National Laboratories yesterday. Would you care to guess who did it?
posted by IT Policy @ 5:56 PM
0 Comments
IT Policy at LBL, Berkeley Lab
Office of the Liaison Policy Blog for Information Technology Policy issues at LBL including FISMA, Clinger-Cohen, Enterprise Architecture, University of California IT Policy, Security, Cybersecurity, and more. Disclaimer: Some components of this blog may not represent the official position of the University or the CIO and they most certainly do not represent the position of the DOE.
Thursday, May 22, 2008
Wednesday, May 7, 2008
Live from the NSF Large Facilities Conference
I'm in DC for the NSF Large Facilities Security conference. Excellent keynotes this morning (if a little depressing) and an enjoyable roundtable going on now. More on these a bit later, but in the meantime, here is the entirety of the NSF regulation on cyber security:
54.
Information Security
Security for all information technology (IT) systems employed in the performance of this award, including equipment and information, is the awardee’s responsibility. Within a time mutually agreed upon by the awardee and the cognizant NSF Program Officer, the awardee shall provide a written Summary of the policies, procedures, and practices employed by the awardee’s organization as part of the organization’s IT security program, in place or planned, to protect research and education activities in support of the award.
The Summary shall describe the information security program appropriate for the project including, but not limited to: roles and responsibilities, risk assessment, technical safeguards, administrative safeguards, physical safeguards, policies and procedures, awareness and training, and notification procedures in the event of a cyber-security breach. The Summary shall include the institution’s evaluation criteria that will measure the successful implementation of the IT Security Program.
In addition, the Summary shall address appropriate security measures
required of all subawardees, subcontractors, researchers and others who will have access to the systems employed in support of this award.
The Summary will be the basis of a dialog which NSF will have with the awardee, directly or through community meetings. Discussions will address a number of topics, such as, but not limited to, evolving security concerns and concomitant cyber-security policy and procedures within the government and at awardees' institutions, available education and training activities in cyber-security, and coordination activities among NSF awardees.
Why can't DOE have this?
Labels: doe nsf, fisma, laboratories
posted by IT Policy @ 10:28 AM
0 Comments
Links
Previous Posts
- Denial of Service
- Live from the NSF Large Facilities Conference
- Random Bits
- NIST it by that much redux.
- A hundred small conservative decisions, and the im...
- First Quarter Preliminary Reportcards
- Winter Reading List
- Audit of the Department's Websites
- This is a test.
- UC Trust
Archives
- June 2007
- July 2007
- August 2007
- September 2007
- October 2007
- November 2007
- December 2007
- January 2008
- February 2008
- April 2008
- May 2008
- Current Posts
Subscribe to
Posts [Atom]