US GOVERNMENT FEDERAL COMPUTER SECURITY REPORT CARD RELEASEDThe federal computer security report card: Lessons from Uncle Sam - ComputerworldAPRIL 07, 2004 (COMPUTERWORLD) - For the fourth year in a row, the federal government released its "Report Card on Computer Security at Federal Departments and Agencies" (download PDF). The average grade for fiscal year 2003 was a D (65). The overall average grade in 2002 was an F (55); in 2001, it was also an F (53). Since 2000 was the first year that any measurements were taken, that year's score was "Incomplete" with a letter grade of D-.
Looking at the situation through the lens of an eternal optimist (and realist), maybe, just maybe, agency heads, the Office of Management and Budget and Congress will start looking for ways to get these agencies where they should be. An empire in the age of technology can and should be able to get passing grades in information security.

As an alternative to looking at the trends and drawing the conclusion that things aren't really that bad since, after all, the overall score is improving, let's examine instead the underlying factors that led to these scores. Then we can see why our dear Uncle Sam needs some help and can offer some suggestions.

Through this analysis, it will become clear that the issues are related to establishing, maintaining and measuring enterprise security management strategy as part of the systems development life cycle so that no government agency or company ever has to settle for a D.

Why the bad grades?

CONTINUED on website link........