
[ISN] GAO: Feds miss mark on security reporting

Subject: [ISN] GAO: Feds miss mark on security reporting
Date: Tue, 14 Jun 2005 11:48:42 -0500 (CDT)
http://www.fcw.com/article89234-06-13-05-Web

By Florence Olsen
June 13, 2005

Federal agencies need more detailed instructions to handle and report 
computer security threats, such as phishing, spyware and hacking, 
government auditors said in a report released today. 

Government Accountability Office auditors have found that most federal 
officials do not understand which computer security incidents they 
should report or how and to whom they should report them, even though 
such reporting is mandatory under the Federal Information Security 
Management Act.

As a result, the Homeland Security Department's U.S. Computer 
Emergency Readiness Team, which handles incident reporting, is unable 
to coordinate and respond to cyberthreats that target multiple federal 
agencies. 

To remedy the lack of accurate and comprehensive reporting, the 
auditors recommended that Office of Management and Budget officials 
increase their oversight of agencies' efforts to detect, report and 
respond to emerging cybersecurity threats. 

The report identifies the perpetrators of such threats as hackers, 
insiders, phishers, spammers and botnet operators. Botnet operators 
control computers infected with "bot" viruses, which the operators use 
in denial-of-service attacks against targeted Web sites.

The auditors also asked OMB officials, in coordination with DHS 
cybersecurity experts and the U.S. attorney general, to develop 
governmentwide guidelines on how to deal with such threats and how to 
report them to DHS and law enforcement agencies.

In their response to the report, OMB officials agreed to expand their 
FISMA reporting requirements to include agencies' response to emerging 
threats. They also plan to issue a document this summer that will 
define computer incident terms and clarify the roles and 
responsibilities of federal agencies for reporting computer security 
incidents.

The additional guidelines are needed, the auditors said, because most 
agencies have not fully addressed the risks of new cybersecurity 
threats as part of their agencywide information security programs.
 

