
| Subject: | [ISN] Interior wants OMB to referee dispute over its IT security |
|---|---|
| Date: | Thu, 24 Nov 2005 01:11:01 -0600 (CST) |
http://www.gcn.com/vol1_no1/daily-updates/37643-1.html

By Mary Mosquera
GCN Staff
11/23/05

Interior secretary Gale Norton disagrees with her department's inspector general that the department does not meet federal security requirements and has asked the Office of Management and Budget to clarify its interpretation of those requirements.

Interior certified and accredited more than 98 percent of its systems in fiscal 2005 to comply with the Federal Information Security Management Act. During the year, Interior also made progress in consolidating 13 networks into a single departmental enterprise services network, with strong network perimeter security controls. The three remaining bureau networks are undergoing consolidation now, she said in a letter to OMB director Joshua Bolten last month.

"While IT security is not perfect, risks and vulnerabilities still remain, and improvements need to be made, the policies and processes to address those risks are adequate, improvements have been and will continue to be made, and therefore, DOI substantially complies with FISMA," Norton said in the letter.

OMB could not comment on Interior's request, an OMB spokesman said.

"We continue to work with every agency to improve security. We are currently completing our analysis for the FISMA report to be released in March," OMB spokesman Alex Conant said.

Norton said some of the reporting criteria on risk management were ambiguous, leading to subjective judgment and individual perspectives.

The quality of Interior's certification and accreditation process is, at a minimum, satisfactory, said Interior CIO Hord Tipton in a redacted version of his FISMA evaluation.

Tipton's office also worked under the burden of producing 4.5 million pages of documentation related to the long-running Cobell v. Norton lawsuit, which has forced Interior to cut off some of its systems from the Internet. The plaintiffs claim that Interior's IT security is weak and that hackers can easily penetrate the Individual Indian Trust financial records.

"The CIO believes the IG's responses to several of the questions in the FY 2005 reporting template exceed the basic requirements of FISMA and do not take into account improvements made during the year in response to the testing the IG conducted," Norton said.

Despite progress, Interior IG Earl Devaney said the department has significant weaknesses in its network security, plans for corrective actions and milestones, and certification and accreditation.

The IG's penetration testing demonstrated that Interior's network infrastructure was vulnerable to unauthorized access from internal and external threats.

"(It) allowed us to compromise some of DOI's most sensitive information," Devaney said in the public version of his evaluation.

Devaney rated Interior's certification and accreditation program as poor. Overall, Interior lacks an effective departmentwide strategy to implement and oversee its various policies and procedures, he said.