Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Energy Department auditors cite cybersecurity flaws at FERC

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Energy Department auditors cite cybersecurity flaws at FERC
Date: Tue, 11 Oct 2005 23:08:41 -0500 (CDT) 
http://www.gcn.com/vol1_no1/daily-updates/37284-1.html

By Wilson P. Dizard III 
GCN Staff
10/11/05

The Energy Department's inspector general has found fault with
cybersecurity procedures in the Federal Energy Regulatory Commission's
unclassified cybersecurity program.

In a report [1] issued today, the IG noted that FERC officials have
continued to improve their cybersecurity program, and cited
improvements since a previous review in 2002.

However, the IG staff found several areas in which FERC was deficient,
including:

* Access controls had in some cases not been implemented via strong
  password management 

* Some software with known security flaws was not replaced, and some 
  users were at times provided access at higher levels than their 
  duties required 

* Not all cybersecurity weaknesses were traced and resolved.

Auditors said FERC had overlooked the problems because officials had
failed to complete compliance evaluations required by general federal
requirements and agency-specific rules.

The report, however, omitted information on specific vulnerabilities
and how they might be fixed. FERC management said that it generally
concurred with the IG's findings and recommendations.

[1] http://www.ig.doe.gov/pdf/ig-0704.pdf



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Energy Department auditors cite cybersecurity flaws at FERC, InfoSec News <=
Previous by Date:  [ISN] The Four Most Dangerous Security Myths, InfoSec News
Next by Date:  [ISN] Nessus scanner code forked, InfoSec News
Previous by Thread:  [ISN] The Four Most Dangerous Security Myths, InfoSec News
Next by Thread:  [ISN] Nessus scanner code forked, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]