[ISN] DHS components lagging on information security, IG says

From: InfoSec News <alerts_at_private>
Date: Thu, 9 Oct 2008 03:02:04 -0500 (CDT)
http://www.fcw.com/online/news/154026-1.html

By Alice Lipowicz
FCW.com
October 8, 2008

The Homeland Security Department has taken steps to enhance information 
security, but its component agencies are lagging behind, according to a 
new report [1] from DHS Inspector General Richard Skinner.

For example, 22 of 25 information technology systems audited at DHS 
component agencies were lacking detailed emergency configuration plans, 
management plans, security controls or incident handling procedures, the 
report states. In addition, 19 of the systems had incomplete contingency 
plans, and five systems did not follow guidelines for a federal 
standard.

While the department has implemented a performance plan and made other 
improvements, “components are still not executing all of the 
department’s policies, procedures, and practices,” the inspector general 
concluded.

“Management oversight of the components’ implementation of the 
department’s policies and procedures needs improvement in order for the 
department to ensure that all information security weaknesses are 
tracked and remediated, and enhance the quality of system certification 
and accreditation,” Skinner wrote.

[1] http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-94_Sep08.pdf

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Thu Oct 09 2008 - 01:02:04 PDT

This archive was generated by hypermail 2.2.0 : Thu Oct 09 2008 - 01:16:17 PDT