Take A Cue From Uncle Sam
The Federal Information Security Management Act of 2002 started the ball rolling in many ways for the government's internal policies on how it handles private data.
October 3, 2007
The Federal Information Security Management Act of 2002, or FISMA, started the ball rolling in many ways for the government's own internal policies on how it handles private data. While it was ostensibly about improving the security posture of government agency networks (and it has certainly highlighted deficiencies in that area), it also has a lot to say about the routine handling of private data.
As mentioned in the previous blog entry, having a privacy policy that explicitly covers what you're not keeping, or how long you keep various logs and bits of data, is important, and indeed, required if you answer to FISMA.
Of course, FISMA is not without its detractors. Richard Bejtlich has a number of good posts on his blog detailing some of its shortcomings (see DHS Debacle and FISMA Is a Joke). Still, as a methodology and a general framework that gives you something concrete to think about when securing your own resources, FISMA isn't that bad.