Does this audit make me look fat?
Thursday - 12/2/2010, 3:09pm EST
Steve Dauber, vice president of cybersecurity firm RedSeal Systems, told the DorobekINSIDER that these audits are helpful but do not differentiate between vulnerabilities and actual risks.
"The crux of the matter is most of those vulnerabilities are probably very low risk," Dauber said.
Identifying which vulnerabilities are in fact high risk is difficult because of the high number of controls and devices involved in these IT systems, Dauber said.
"The sheer complexity and rate of change of these infrastructures is really overwhelming our human capability of understanding what's going on," he said.
Agencies are turning toward more technologies to mitigate high risks. Dauber said the federal government's next phase is to put into place a system to "translate between vulnerabilities and risks."