[ISN] Energy IG finds flaws in DOE IT security

From: InfoSec News <alerts_at_private>
Date: Tue, 19 Aug 2008 05:09:06 -0500 (CDT)
http://www.fcw.com/online/news/153534-1.html

By Michael Hardy
FCW.com
August 15, 2008

The Energy Department's efforts to protect information systems that 
contain national security information are falling short, the 
department's inspector general has found.

In an audit report [1] released recently, the IG reported weaknesses in 
five of the six facilities included in the audit. The review is the 
latest of several the IG has conducted of the department's certification 
and accreditation process.

Specifically, the IG found that:

    * At five of the six facilities audited, security plans did not 
      addres risks such as classified and unclassified systems operating 
      in the same environment.

    * In many cases, department officials were not approving security 
      plans and changes to systems.

    * In some cases, the plans did not accurately reflect the 
      environment they pertained to.

    * Five of the six sites did not have contingency plans for handling 
      service disruptions to national security information systems.

DOE managers agreed with two of the IG's recommendations and disagreed 
with the other two.

[1] http://www.ig.energy.gov/documents/IG-0800.pdf


__________________________________________________      
Visit Defcon Pics - Defcon Memory Repository 
http://www.defconpics.org
Received on Tue Aug 19 2008 - 03:09:06 PDT

This archive was generated by hypermail 2.2.0 : Tue Aug 19 2008 - 03:26:04 PDT