[ISN] Auditors Fault GSA Travel System Security

From: InfoSec News <alerts_at_private>
Date: Thu, 10 Jun 2010 01:27:26 -0500 (CDT)
http://www.informationweek.com/news/government/enterprise-apps/showArticle.jhtml?articleID=225600134

By Elizabeth Montalbano
InformationWeek
June 9, 2010

Federal auditors have criticized the security and design of a General 
Services Administration e-travel system, suggesting changes to it as 
part of a yearly review of the agency's IT process.

In the Office of the Inspector General's semiannual report to Congress, 
auditors said that the GSA's implementation of the E2 Solutions travel 
management system has security and usability issues that, among other 
things, don't properly measure the performance of the system and make it 
unfriendly for users, particularly disabled ones.

"GSA's implementation of E2 has not provided the level of scrutiny 
necessary to ensure that internal and financial controls adequately 
mitigate operational risks," auditors wrote in the report. "In addition, 
targeted goals and performance measures necessary to comprehensively 
assess how well E2 meets GSA's travel management needs are not yet in 
place."

Specifically, the report said the GSA needs to assess the costs incurred 
with E2's implementation against the multiple contracts used to 
facilitate operations of the system. Also, the agency needs more 
oversight and control points when it comes to distributing funds.

[...]


_________________________________________________________________
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com
Received on Wed Jun 09 2010 - 23:27:26 PDT

This archive was generated by hypermail 2.2.0 : Wed Jun 09 2010 - 23:35:09 PDT