| Subject: | [ISN] DHS information security plans lacking, GAO says |
|---|---|
| Date: | Tue, 12 Jul 2005 05:11:28 -0500 (CDT) |

http://www.govexec.com/dailyfed/0705/0701105p1.htm

By Daniel Pulliam
dpulliam at govexec.com
July 11, 2005

The Homeland Security Department has yet to establish an adequate information security program, congressional auditors found after spending nearly a year reviewing its cybersecurity policies and plans.

Since the formation of Homeland Security in 2003, the department has struggled to manage its various components' computer systems, according to a new Government Accountability Office report. Complying with the 2002 Federal Information Security Management Act and guidance from the Office of Management and Budget for securing computer systems has proven to be difficult.

Failure to implement established security policies has limited the department's ability to protect its information, the report (GAO-05-700) [1] stated.

"Until DHS addresses these weaknesses and fully implements a comprehensive, departmentwide information security program, its ability to protect the confidentiality, integrity and availability of its information and information systems will be limited," the report stated.

The report, requested by Sen. Joseph Lieberman, D-Conn., ranking member of the Senate Homeland Security and Governmental Affairs Committee, commended DHS for making "significant progress in developing and documenting a departmentwide information security program," but noted that weaknesses continue to threaten the security of its computer systems.

On Monday, Lieberman urged the department to follow GAO's recommendations.

"How can the department possibly protect the nation's critical cyberstructure if it cannot keep its own house in order?" Lieberman said. "More than two years after the department was formed, it should have a better grasp on protecting its own systems and information."

The 36-page review assessed four major DHS components - the US VISIT program, the Immigration and Customs Enforcement bureau, the Transportation Security Administration, and the Emergency Preparedness and Response division - in five areas of security practices and management.

In the five areas - assessing risks, security plans, security testing and evaluations, corrective action plans, and continuity of operation plans - no component was satisfactory in more than two areas.

The report stated that DHS has developed policies that could serve as a framework for a security program, but gaps in those plans prevent its implementation.

Homeland Security received an F grade in cybersecurity [2] along with seven other agencies rated by a congressional committee in February.

In a response to the GAO report, Robert West, DHS chief information security officer, wrote that the department is doing more than just documenting an information security program. West cited the success of a pilot certification and accreditation program and a departmentwide inventory of systems and applications, scheduled to be completed in August.

[1] http://www.gao.gov/new.items/d05700.pdf
[2] http://www.govexec.com/dailyfed/0205/021605p1.htm