Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Auditors: DHS should spur use of critical infrastructure data

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Auditors: DHS should spur use of critical infrastructure data
Date: Thu, 18 May 2006 04:02:07 -0500 (CDT) 
http://www.gcn.com/online/vol1_no1/40809-1.html

By Wilson P. Dizard III
GCN Staff
05/17/06

The Homeland Security Department should work to increase use of
sensitive information it receives from private companies about
vulnerable assets like utilities, private IT networks, energy
production and distribution facilities, and transportation assets, the
Government Accountability Office said in a report unveiled today.

The report [1], titled "DHS Should Take Steps to Encourage More
Widespread Use of its Program to Protect and Share Critical
Infrastructure Information," describes how the department has been
carrying out the Critical Infrastructure Information Act.

That law was a response to the frequently repeated fact that more than
85 percent of the essential facilities that terrorists could target
are in private hands.

The law sought to encourage private companies to submit information
about the critical infrastructure assets to DHS by creating special
shields against the public release of the data. In particular, the law
bars release of the information under the federal Freedom of
Information Act.

Once the information is gathered and protected, the department is
responsible for sharing it with appropriate agencies so they can help
protect the assets from terrorist attacks.

GAO reported that the department has set up a program office to
establish requirements for gathering, protecting, sharing and using
the infrastructure information.

As of January 2006, the program office had received 260 submissions of
critical infrastructure information from various sectors. The office
has publicized the program to government agencies and private
companies, and trained about 750 potential users in DHS and other
federal, state and local agencies to handle the specially protected
information.

However, according to the report, DHS must overcome challenges in
defining government needs for the information, deciding how it will be
used, protecting the information and controlling access to it as well
as convincing the private companies that they will gain by submitting
the information.

"If DHS were able to surmount these challenges, it and other
government users may begin to overcome the lack of trust that critical
infrastructure owners have in the government's ability to use and
protect their sensitive information," the report said.

The auditing agency added that DHS officials concurred with the report
findings in oral comments.

[1] http://www.gao.gov/new.items/d06383.pdf



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Auditors: DHS should spur use of critical infrastructure data, InfoSec News <=
Previous by Date:  [ISN] Gossip lands Education hacker in jail, InfoSec News
Next by Date:  [ISN] GAO: IRS procedural flaws leave taxpayer materials vulnerable, InfoSec News
Previous by Thread:  [ISN] Gossip lands Education hacker in jail, InfoSec News
Next by Thread:  [ISN] GAO: IRS procedural flaws leave taxpayer materials vulnerable, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]