Network Computing is part of the Informa Tech Division of Informa PLC


Take A Cue From Uncle Sam

The Federal Information Security Management Act of 2002, or FISMA, started the ball rolling in many ways for the government's own internal policies on how agencies handle private data. It was ostensibly about improving the security posture of government agency networks (and it has certainly highlighted deficiencies in that area), but it also has a lot to say about the routine handling of private data: each agency must develop, document, and implement an agency-wide information security program covering the information and systems it operates, and that documentation has to spell out how the data it holds is protected.

As mentioned in the previous blog entry, a written privacy policy that explicitly states what you are not keeping, and how long you keep each category of logs and other data, is important, and indeed required if you answer to FISMA.

Of course, FISMA is not without its detractors. Richard Bejtlich has a number of good posts on his blog detailing some of its shortcomings (see DHS Debacle and FISMA Is a Joke). Still, as a methodology and a general framework that gives you something concrete to think about when securing your own resources, FISMA isn't that bad.