[ISN] DHS agencies don't sustain info security programs, IG says

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Oct 2009 01:30:08 -0500 (CDT)

By Ben Bain
Oct 15, 2009

Homeland Security Department agencies don't sustain their information 
security programs year-round or perform continuous monitoring to 
maintain systems' accreditations and action plans, according to DHS 
Inspector General Richard Skinner.

The IG's findings come from an annual independent evaluation of the 
department's information security programs required by the Federal 
Information Security Management Act (FISMA). The law requires agency IGs 
to conduct the evaluations and agencies themselves to also conduct an 
annual information security evaluation.

Overall monthly FISMA information security scores for DHS agencies drop 
considerably after the annual deadline for FISMA reporting passes, the 
IG found. Overall scores for how well DHS agencies perform certification 
and accreditation and plans of action and milestones (POA&M) peak in 
months when the annual FISMA reporting is done and then quickly drop, 
the report said.

Meanwhile, Skinner also said DHS' Privacy Office is experiencing delays 
in reviewing and approving privacy impact assessments (PIAs) that the 
office is required to perform for many DHS IT systems.


Received on Thu Oct 15 2009 - 23:30:08 PDT
