[ISN] U.S. gov't department details IT audit plans for 2006

From: InfoSec News (isn@private)
Date: Mon Jan 09 2006 - 01:35:56 PST


http://www.networkworld.com/news/2006/010406-government-it-audit.html

By Linda Rosencrance
Computerworld
01/04/06

Richard Skinner, the inspector general of the U.S. Department of
Homeland Security, plans to conduct more than 12 audits of IT programs
and operations in 2006, according to a recently released performance
plan.

As part of that plan, the DHS's Office of Information Technology will
conduct audits and evaluations of the department's information
management, cyber infrastructure and systems integration activities.

For example, the Office of Information Technology (OIT) plans to look
at whether security controls are effective in protecting personal
information for the systems supporting the Transportation Worker
Identification Credentialing (TWIC) program. Under that program, which
was established in December 2001, some transportation workers are
issued a standardized, secure identification card that allows them
unescorted access to secure areas of the nation's transportation
system -- as well as access to computer-based information systems
involved in the security of the transportation system.

The OIT also wants to determine whether the DHS has adequate security
controls in place over the Automated Commercial Environment (ACE),
which collects, processes and analyzes commercial import and export
data. ACE simplifies dealings between U.S. Customs and Border Patrol
and the trade community by automating time-consuming and
labor-intensive transactions to move goods through ports faster and
cheaper.

In the Science and Technology area, Skinner's office will evaluate
whether that DHS agency has established security controls for the
sensitive information systems and data housed at the Plum Island
Animal Disease Center on New York's Long Island. The OIT also hopes to
determine the status of the DHS's initiatives, applications and
progress in integrating automated surveillance system technologies to
respond to modern-day threats; the department's progress in research
and project application related to its goals and performance measures;  
the issues and challenges that exist for DHS deployment of this
functionality; and whether there are sufficient management controls in
place or planned to ensure compliance with security, privacy laws and
policies and biometric standards.

The inspector general is also planning to audit DHS operations for
information sharing related to critical infrastructure protection.  
Skinner's office hopes to determine whether DHS strategies and tools
for working with private industry would be effective in the event of a
failure of, or attack on, critical sector operations. In addition, the
OIG is set to review just how effectively the DHS shares disaster
response and counter-terrorist information with state and local
governments.

The OIT will also review the DHS's Infrastructure Transformation
Project Strategy and Implementation, which spells out how DHS's IT
infrastructure will move from a decentralized delivery model to a
centralized and shared IT infrastructure services model for all of its
agencies. Skinner also wants to determine whether DHS has established
adequate security policies and procedures to safeguard laptop
computers -- as well as the data stored in those computers.

Skinner's office also plans to determine whether the DHS has
effectively managed the use of RFID technology to protect
mission-critical data and information systems from unauthorized data.  
The DHS is using RFID technology to track and identify assets, weapons
and baggage on flights.

In the wake of problems sharing information between various government
entities after Hurricane Katrina hit the Gulf coast last year, the OIG
also plans to determine how effective DHA has been at ensuring
effective communications to support future disaster response and
recovery.

Story copyright © 2003 Computerworld, Inc.



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.



This archive was generated by hypermail 2.1.3 : Mon Jan 09 2006 - 01:59:45 PST