http://www.darkreading.com/insiderthreat/security/government/showArticle.jhtml?articleID=218501432 By Tim Wilson DarkReading July 20, 2009 Virtually all of the U.S. federal government's key civilian agencies are still falling short of the security marks they have been asked to meet, according to the Government Accountability Office (GAO). In a report (PDF) issued earlier today, the GAO says of the 24 agencies reviewed, almost all had deficiencies in security controls and management, "leaving them vulnerable to attack or compromise." The GAO says it has made "hundreds" of recommendations to the agencies, yet many have not been addressed. During the past three years, the number of incidents reported by federal agencies to U.S.-CERT has increased by almost 200 percent -- from 5,503 in 2006 to 16,843 in 2008, according to the report. More than one-third of the incidents are still under investigation, and the sources of the compromises are not yet known. Of the incidents in which the sources are known, approximately 22 percent were caused by improper use of computers by authorized users, the report states. Eighteen percent of the compromises were caused by unauthorized access, and 14 percent were caused by malicious code. About 12 percent of the breaches were caused by scans, probes, or attempted access by external attackers, the report says. Of the 24 agencies reviewed, 13 reported "significant deficiencies" in information security, the GAO says. Seven agencies reported "material weaknesses" that still have not been repaired. Only four agencies reported "no significant weakness," the report states. [...] _______________________________________________ Attend Black Hat USA, July 25-30 in Las Vegas, the world's premier technical event for ICT security experts. Network with 4,000+ delegates from 50 nations. Visit product displays by 30 top sponsors in a relaxed setting. http://www.blackhat.comReceived on Tue Jul 21 2009 - 23:45:31 PDT
This archive was generated by hypermail 2.2.0 : Tue Jul 21 2009 - 23:53:11 PDT