[ISN] DHS IG targets security, procurement

From: InfoSec News (alerts@private)
Date: Tue Nov 14 2006 - 23:00:13 PST


http://www.fcw.com/article96827-11-14-06-Web

By Brian Robinson
Nov. 14, 2006

The Homeland Security Departments information technology security, 
program management and procurement practices will be among the prime 
targets of the departments inspector general during fiscal 2007, 
according to the IGs recently published annual performance plan.

The plan lays out the Office of the IGs road map for the inspections and 
audits it expects to conduct during the year to evaluate the progress of 
DHS programs and operations, particularly in relation to the major 
management challenges they face.

Security is an obvious concern, especially when it comes to mobile 
devices. The OIG is planning at least four audits of laptop security in 
its own workplace and in Customs and Border Protection, the Science and 
Technology Directorate, and the Federal Emergency Management Agency.

It also expects to conduct a departmentwide audit of physical and 
logical access controls for devices such as personal digital assistants 
and cell phones. Phones in particular are becoming multifunctional 
devices, the OIG said, with next-generation models already on the market 
incorporating PDA, infrared, wireless Internet, e-mail and global 
positioning capabilities.

However, each new development will present its own security risks, the 
OIG said. Vulnerabilities may exist when using PDAs attached to personal 
computers or other network-connected devices.

Other security concerns the OIG expects to tackle involve the protection 
of personal information and the overall compliance of DHS component 
agencies with a departmentwide security program.

One specific goal is an audit of the management oversight of DHS 
data-mining activities. In a report it published in June, the OIG 
identified a dozen systems that DHS employees use for that purpose.

The office is also planning closer oversight of the management and 
acquisition practices of major technology programs.

A critical component of the Secure Border Initiative, for example, is 
SBInet, which replaces two former programs, the Integrated Surveillance 
Intelligence System and the Americas Shield initiative.

The OIG will conduct a review of how SBInet program managers use lessons 
learned from other programs to minimize risks, and, as congressionally 
mandated, will also conduct an audit of each contract or task order 
valued at more than $20 million.

Other technology programs the OIG expects to examine during the year 
include those at the Transportation Security Administration, the U.S. 
Citizenship and Immigration Services IT modernization, and the Coast 
Guards enterprise architecture implementation.

Overall, the OIG identified 17 areas as posing the most serious 
management challenges for DHS in fiscal 2007. Answering fundamental 
questions within each area will help determine how the department is 
performing, the OIG said, and will help highlight ways to improve 
programs and operations.


_________________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Tue Nov 14 2006 - 23:14:51 PST