Government Information Security Podcast

FISMA: The Misunderstood Law

Information:

Synopsis

Interview with Patrick Howard, CISO, Nuclear Regulatory Commission

The problem with the Federal Information Security Management Act, says Patrick Howard, is that the original intent of the seven-year-old law that governs federal IT security isn't about compliance. "The legislation requires risk management, but it has been interpreted as a piece of legislation that requires compliance, so we kind of lost sight of risk management ... and that's the biggest problem I see with FISMA today," Howard, chief information security officer at the Nuclear Regulatory Commission, says in an interview with GovInfoSecurity.com.

In the interview, Howard also discussed the NRC's five-year information security strategic plan and the top cyber threats NRC IT systems face. Howard spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.