| Subject: | [ISN] Report: DHS has 'significant deficiency' in info security |
|---|---|
| Date: | Fri, 29 Oct 2004 03:31:16 -0500 (CDT) |

http://www.fcw.com/fcw/articles/2004/1025/web-dhsig-10-28-04.asp

By Florence Olsen
Oct. 28, 2004

The Homeland Security Department's inspector general has completed an information security audit of the agency, which shows DHS officials are still struggling with internal cybersecurity issues.

The report [1], released Oct. 27, highlights areas in which DHS officials have improved the department's information security practices and policies. But the overall tone of the report is negative.

"We recommend that DHS continue to consider its information systems security program a significant deficiency for" fiscal 2004, the IG auditors state in the report's summary.

The IG conducted the information security audit between April and September 2004 according to guidelines set by Office of Management and Budget officials. OMB developed the guidelines to help federal agencies comply with the Federal Information Security Management Act of 2002.

The report cited the chief information officer's lack of authority to manage DHS' departmentwide information technology programs and spending as a significant factor in the department's struggle to secure its information systems. It stated that the absence of a formal reporting relationship between the CIO and the program organizations within the department continues to undermine DHS' information security program.

Among the problems cited in the report, the inspector general found 12 systems had been accredited even though key documentation did not meet the requirements for accreditation.

On a positive note, the IG commended DHS officials for developing departmentwide security configurations policies and procedures for Microsoft Corp. Windows 2000 and Sun Microsystems Inc. Solaris systems. But the report also noted that no DHS organization had completed configuration requirements for all of its systems.

Steven Cooper, DHS' CIO, was more positive in his written response to the report. After stating that he generally concurred with the IG's findings, Cooper wrote that DHS officials have begun a comprehensive inventory of general support systems and major applications and will review data captured in the agency's automated FISMA data collection and reporting system, Trusted Agent FISMA.

The IG's audit revealed problems with verifying the data in the automated system. For example, Trusted Agent FISMA does not identify applications and systems that are due for recertification and accreditation.

[1] http://www.dhs.gov/interweb/assetlibrary/OIG_04-41.pdf

_________________________________________
Open Source Vulnerability Database (OSVDB)
Everything is Vulnerable - http://www.osvdb.org/