[ISN] Firm hired to improve VA security

From: InfoSec News (alerts@private)
Date: Thu Jan 18 2007 - 22:33:22 PST


Associated Press Writer
Copyright 2007 The Associated Press
Jan. 17, 2007

HAGERSTOWN, Md. - The Department of Veterans Affairs will pay a defense 
contractor millions of dollars to help the agency improve data security 
after the theft last year of a computer packed with personal 
information, company officials said Wednesday.

The project, focusing on the behavior of the department's 235,000 
workers, is part of the VA's effort to better protect sensitive 
information after a laptop computer and external drive containing the 
personal information of about 26.5 million veterans and military members 
was stolen last spring.

Maryland-based Engineering Systems Solutions Inc. and subcontractor 
Dreifus Associates Ltd. Inc., of Maitland, Fla., will work on the 
five-year contract, which is worth $2.3 million in the first year and an 
undefined amount for the rest, said Laura Nash, director of strategic 
consulting at Engineering Systems Solutions.

They will look for effective data-protection practices in the health 
care and finance industries and in other government agencies, and help 
the VA implement similar measures, she said.

"A lot of it is really a people issue," Nash said. "People want to do 
the right thing, but we can all be a little careless sometimes. We can 
all be a little bit more careful."

The VA computer taken from an employee's home in May was recovered with 
no data accessed, the agency said. The episode focused attention on the 
vulnerability of portable devices containing huge amounts of sensitive 

The department says it has since trained all employees in the proper 
handling of sensitive data and installed encryption programs on all 
laptops. It spent at least $80 million on computer security in the 
fiscal year that ended Sept. 30 and plans to increase that amount this 
year, spokeswoman Jo Schuda said.

"It needs to become part of someone's subconscious that as they go 
through their day-to-day routine, they automatically take the necessary 
steps to protect personal data," Nash said.

Such steps include using encryption when e-mailing sensitive data, 
logging off one's computer when leaving one's desk and, "as part of 
changing the culture, getting people to think twice" about taking work 
home, she said. "Do they really need to take this data home? Is there 
another way of getting this work done without having to have any kind of 
potential compromise?"


On the Net:

Engineering Systems Solutions: http://www.essworld.net 
Dreifus Associates: http://www.dreifus.com 
Department of Veterans Affairs: http://www.va.gov

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Jan 18 2007 - 23:01:40 PST