b'Interview with Patrick Howard, CISO, Nuclear Regulatory Commission\\n\\n
The problem with Federal Information Security Management Act, says Patrick Howard, is that its original intent of the seven-year-old law that governs federal IT security isn\'t about compliance.\\n\\n
"The legislation requires risk management, but it has been interpreted as a piece legislation that requires compliance, so we kind of lost sight of risk management ... and that\'s the biggest problem I see with FISMA today," Howard, chief information security officer at the Nuclear Regulatory Commission, says in an interview with GovInfoSecurity.com. \\n\\n
In the interview, Howard also discussed the NRC\'s five-year information security strategic plan and the biggest and the top cyber threats NRC IT systems face.\\n\\n
Howard spoke with Eric Chabrow, managing editor of GovInfoSecurity.com.'