Re: [ISN] IG: State Department flunks systems security

From: InfoSec News (isnat_private)
Date: Tue Nov 05 2002 - 22:27:09 PST

  • Next message: InfoSec News: "[ISN] Aust companies push tech security to top priority"

    Forwarded from: Chris Wysopal <cwysopalat_private>
    A year after? How about 4.5 years after?
    Serious Weaknesses Put State Department and FAA Operations at Risk
    InfoSec News wrote:
    > Forwarded from: William Knowles <wkat_private>
    > By Wilson P. Dizard III 
    > GCN Staff
    > 11/01/02 
    > The State Department's information system security remains weak a
    > year after the department was told of serious flaws, according to a
    > recent report by the State inspector general's office. The IG
    > reviewed system security in accordance with the Government
    > Information Security Reform Act, which calls for annual reviews.
    > Even though State made a plan for certifying and accrediting its
    > systems, it has no timetable, according to the IG.
    > Department officials had certified and accredited only 4 percent of
    > systems by August, the report said. In addition, even though 72
    > percent of the department's 358 systems have security
    > classifications, only 15 percent have security plans, it said.
    > Investigators also found problems at overseas posts, where the
    > information system security officers "generally were not performing
    > all the requisite duties," the report said. None of the 11 posts
    > visited by the investigators had information security plans,
    > according to the report, which also criticized poor management,
    > technical and operational controls that increase "the risk to
    > mission operations."
    > The IG's office said it will make recommendations to correct the
    > problems. State officials did not respond to repeated requests for
    > comment on the report.
    ISN is currently hosted by
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 00:34:18 PST