[ISN] Tighten computer security, auditor general tells province

From: InfoSec News (alerts@private)
Date: Mon Jul 31 2006 - 00:28:05 PDT


July 26, 2006
CBC News 

Nova Scotia's new auditor general says he's concerned the province has 
left security gaps in some of its computer systems.

In his first report since starting the job in March, Jacques Lapointe said 
a computer system in the Department of Community Services has left a door 
open for mistakes or abuse.

Lapointe listed a number of problems, including too many people with one 
password. He noted some of these people had moved on to other jobs and 
shouldn't be authorized to use certain computer files.

A big concern for the auditor general was that most of the computer 
security issues had been raised in the past by previous auditors general.

"The speed of reaction to these has not been great, and I'm concerned that 
similar issues keep getting brought up," Lapointe said.

He didn't cite any specific examples of mistakes or wrongdoing that 
resulted from the problems, but said the systems expose government to 
great risks.

Lapointe said a lack of information about spending estimates for 2006-07 
made a full evaluation impossible.

The auditor general found other problems that were not related to computer 
security, such as health authorities that are forced to make business 
decisions about how to run hospitals before budgets are approved.

He also said school boards are open to risk because there are few controls 
over the millions of dollars they fundraise.

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches.

This archive was generated by hypermail 2.1.3 : Mon Jul 31 2006 - 00:37:49 PDT