FEATURE ARTICLE
October 2005
What Can Be Done to Increase Info Security?
- Think about information security from the start of a program, rather
than trying to add it close to the conclusion. To do otherwise is
to invite delays in product development timelines, or fielding a
flawed product. “Security cannot be bolted on at the end.”
- Consider including Information Security Systems Engineers
in developing products from early stages. “The good news is
that we’re starting to see the idea of ISSEs … come
back into vogue.”
- Educate anyone connected with the project on ways to beef
up security. This includes physical access as well as information
technology measures.
- Don’t fall for quick fixes: software programs or
consultants selling products that will simply ease equipment programs
through government accreditation processes. This is not a substitute
for security. “I’d rather see an unaccredited system
with good security fielded rather than an accredited system without
security.”
- Remember that Defense Department accreditation programs
do not mean an entire system is secure. The certification process
evaluates the minimum requirements of information assurance and
security, and military systems can be certified with some known
vulnerabilities. This is one reason why sustaining IT security
is vital—it doesn’t end with a piece of paper.
(Source: Ted Hendy, U.S. Information Systems Engineering Command)