
[ISN] VA chief vows "relentless" exam of data protection policies

Subject: [ISN] VA chief vows "relentless" exam of data protection policies
Date: Fri, 26 May 2006 04:05:13 -0500 (CDT)
http://www.fcw.com/article94649-05-25-06-Web

By Bob Brewin
May 25, 2006 

Jim Nicholson, the Department of Veterans Affairs' secretary,
testifying in Congress about the theft of personally identifiable data
for every living veteran, vowed to enforce existing policies and
procedures and institute new ones to ensure the department protects
sensitive data.

The VA, Nicholson said, has "begun a relentless examination of its
policies and procedures to make sure nothing like this happens ever
again."

Nicholson, testifying today before a joint hearing held by the Senate
Veterans' Affairs and Homeland Security committees, also acknowledged
that the culture at the VA in regard to information security needs to
change.

The agency has in place policy directives to safeguard sensitive
information, but many VA employees view those directives as just
guidelines, Nicholson said.

The data analyst who loaded personal information on 26.5 million
veterans onto a PC at home, which was stolen May 3, did so in direct
violation of agency policy, Nicholson told the hearing.

Nicholson, an Army veteran who spent eight years on active duty and 22
years in the Reserves, said "I'm damn mad about the loss of veteran
data, and the fact that one person has put us all at risk."

To ensure other VA employees make data protection a key part of their jobs,
Nicholson said, every employee will be required to complete a
cybersecurity and information privacy course by June 30 and will need
to sign a privacy act statement on an annual basis.

The VA also intends to run regular background investigations on
department employees who handle sensitive information, Nicholson said.  
The unidentified data analyst who lost the information has worked for
the VA for 32 years and has not been subject to a National Agency
Check since he was employed, Nicholson added.

Nicholson said he has started the recruitment process for a "personal
information security czar" to ensure that data protection remains in
the forefront at the department.

The VA will also work to encrypt sensitive information and plans to
have new guidelines by June to govern user access to data, Nicholson
told the hearing, but did not provide any details.


