InformationWeek: The Business Value of Technology

Table of Contents

3 Author’s Bio
4 Fear of Complying
4 Figure 1: Regulatory Requirements
7 Figure 2: Scope of Risk Management Initiative
9 Figure 3: Data Management
10 Figure 4: Security Spending as Percentage of IT Budget


10 Steps to Ace a FISMA Audit
5 1 | Don’t get blinded by details. Focus on the underlying objective of FISMA.
6 2 | Protect the noun.
8 3 | Accept that some risk is OK.
8 4 | Appoint someone to own information security.
10 5 | Implement a plan and a budget. In writing.
11 6 | Embrace reporting.
12 7 | Realize monitoring is expensive, time consuming—and mandatory.
12 8 | Test controls, and be able to prove that you did so.
13 9 | Follow the leader.
13 10 | Still confused? Seek outside help.

About the Author