Forwarded from: Chris Wysopal <cwysopalat_private> A year after? How about 4.5 years after? Serious Weaknesses Put State Department and FAA Operations at Risk http://www.gao.gov/archive/1998/ai98170t.pdf InfoSec News wrote: > Forwarded from: William Knowles <wkat_private> > > http://www.gcn.com/vol1_no1/daily-updates/20398-1.html > > By Wilson P. Dizard III > GCN Staff > 11/01/02 > > The State Department's information system security remains weak a > year after the department was told of serious flaws, according to a > recent report by the State inspector general's office. The IG > reviewed system security in accordance with the Government > Information Security Reform Act, which calls for annual reviews. > Even though State made a plan for certifying and accrediting its > systems, it has no timetable, according to the IG. > > Department officials had certified and accredited only 4 percent of > systems by August, the report said. In addition, even though 72 > percent of the department's 358 systems have security > classifications, only 15 percent have security plans, it said. > > Investigators also found problems at overseas posts, where the > information system security officers "generally were not performing > all the requisite duties," the report said. None of the 11 posts > visited by the investigators had information security plans, > according to the report, which also criticized poor management, > technical and operational controls that increase "the risk to > mission operations." > > The IG's office said it will make recommendations to correct the > problems. State officials did not respond to repeated requests for > comment on the report. [...] - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Nov 06 2002 - 00:34:18 PST