From Allan Paller’s testimony before the US Senate I think the quote speaks for itself. Outside the US – it seems even stranger to believe that US companies have enough money for two cyber security organizations paid for by the US taxpayer.
However, federal agencies cannot move effectively to more secure systems unless you shift the emphasis of the FISMA assessments from paper reporting to automated monitoring of essential controls. … Two weeks ago, a federal CIO told me, “I have a CISO who always gets me to green on my FISMA grades, but the reports he produces have no impact at all on security of our computers or networks, I am setting up a separate group to do real security.” This CIO can do both because of a surge of funding his organization has received from the new stimulus bill.
