[ISN] IG: DHS lax on portable device security controls

From: InfoSec News <alerts_at_private>
Date: Fri, 17 Oct 2008 01:29:20 -0500 (CDT)
http://www.fcw.com/online/news/154093-1.html

By Alice Lipowicz
FCW.com
October 16, 2008

The Homeland Security Department has not deployed effective controls on 
portable storage devices that may be attached to its unclassified 
computer systems, according to an audit report [1] from DHS Inspector 
General Richard Skinner released today.

“DHS has not implemented effective controls to restrict unauthorized 
devices from being connected to DHS’ unclassified systems,” the audit 
stated.

The proliferation of portable storage devices that include external hard 
drives, flash drives and jump drives has been recognized as a risk for 
computer security. If unauthorized devices are connected to a federal 
network, that may result in unauthorized access or theft of sensitive 
information.

During the audit, which was performed from February to May, the IG 
identified unauthorized data storage devices connected to departmental 
servers and workstations at 11 DHS component agencies, though it was not 
clear whether the devices were functioning or whether data had been 
transferred from those devices.

[1] http://www.dhs.gov/xoig/assets/mgmtrpts/OIG_08-95_Sep08.pdf

[...]


__________________________________________________      
Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
http://conference.hackinthebox.org/hitbsecconf2008kl/
Received on Thu Oct 16 2008 - 23:29:20 PDT

This archive was generated by hypermail 2.2.0 : Thu Oct 16 2008 - 23:42:26 PDT