[ISN] Audit finds state computer security needs improvement

From: InfoSec News (isn@private)
Date: Thu Jun 22 2006 - 00:31:00 PDT


http://www.billingsgazette.net/articles/2006/06/20/news/state/24-computer-audit.txt

By The Associated Press
June 20, 2006

HELENA -- The state computer system building, and the taxpayer
information and other sensitive data it holds, are vulnerable to
security breaches, legislative auditors told lawmakers Tuesday.

The audit came one day after the state computer system's second
failure in less than a month.

The computer system for much of state government, including servers
and key network systems, is housed in the basement of a 60-year-old
building that is not completely secure, legislative auditors said.

The computer systems are behind a door that requires an access
keycard, but the wall does not extend to the ceiling, the audit said.
Legislative Audit Division staff said the computer center relies on
"security through obscurity."

State Chief Information Officer Dick Clark said his staff has
developed a series of quick deadlines to meet improvements suggested
by the auditors. The governor's office also has talked about
constructing a new building for the computer system.

Lawmakers said the lack of security is a big problem because state
computers warehouse a lot of sensitive data, including complete
records on taxpayers and others.

"I think this is some pretty serious stuff," said Rep. Dee Brown,
R-Hungry Horse.

Clark said his agency also is reviewing the credentials given to
people who have access to the computer system's location.

Auditors made a number of suggestions, including the need for a better
inventory of all the systems and data in the computer center, more
intense security precautions, and strengthened safeguards to mitigate
risks associated with earthquakes or flooding in the building's
basement.

The shutdown of the computer system on Monday had nothing to do with
security.

The system shut itself down after a fire alarm went off in the
building and fire extinguishers released a chemical to suck oxygen
from the air. The equipment was brought back on line late in the
afternoon.

In late May, most of the state computer system went down for a day
when a major piece of network equipment failed.

Copyright © The Billings Gazette



_________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.
www.blackhat.com



This archive was generated by hypermail 2.1.3 : Thu Jun 22 2006 - 01:04:09 PDT