[ISN] Audit: TSA has weak IT security controls

From: InfoSec News <alerts_at_private>
Date: Wed, 27 May 2009 00:03:40 -0500 (CDT)

By Alice Lipowicz
May 26, 2009

The Transportation Security Administration had 15 information technology 
control deficiencies in fiscal 2008 that collectively represent a 
material weakness that could affect the integrity of the agency’s 
financial data, according to a recent audit released by the Homeland 
Security Department’s Office of Inspector General.

Auditors from KPMG made 15 findings of deficiencies at TSA, including 13 
repeat findings and two new findings.

TSA officials took corrective action in fiscal 2008 by testing disaster 
recovery procedures and reviewing audit logs, but the agency still fell 
short on oversight of the termination of a software support contract, 
configuration management and tracking of scripts.

“Collectively, the IT control weaknesses limited TSA’s ability to ensure 
that critical financial and operational data were maintained in such a 
manner to ensure confidentiality, integrity and availability,” the 
report states. “In addition, these weaknesses negatively impacted the 
internal controls over TSA financial reporting and its operation, and we 
consider them to collectively represent a material weakness for TSA 
under standards established by the American Institute of Certified 
Public Accountants.”


Received on Tue May 26 2009 - 22:03:40 PDT

This archive was generated by hypermail 2.2.0 : Tue May 26 2009 - 22:22:26 PDT