CDRInfo Forum CDRInfo Forum

Forums  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

DHS IT security spanked again !   Logged in as: Guest
Viewers: 788 You can click here to see Today's Posts | Most Active Topics | Posts Since Last Visit
  Printable Version
All Forums >> [News Around The Web] >> Security News >> DHS IT security spanked again ! Page: [1]
Message << Older Topic   Newer Topic >>
DHS IT security spanked again ! - 1/25/2006 4:01:16 AM   

Posts: 12103
Joined: 7/4/2003
From: Melbourne, Victoria, AUS
Status: offline
The Homeland Security Department’s forlorn IT security came in for another pasting today from the department’s inspector general and from Sen. Judd Gregg (R-N.H.), chairman of the Senate Appropriations Subcommittee on Homeland Security.

The department’s IT security has been the subject of several critical reports and evaluations, and DHS has earned three consecutive failing grades in its annual IT security evaluation under the Federal Information Systems Management Act.

Department officials said they would reserve at least part of their response to Gregg’s comments on what he called the “disturbing IG reports on weaknesses in DHS operations” until a hearing tomorrow morning in the senator’s subcommittee about the U.S. Visitor and Immigrant Status Indicator Technology system. U.S. Visit program manager Jim Williams and Government Accountability Office architecture expert Randy Hite are slated to testify at the hearing.

Gregg praised DHS officials for pledging to address the problems raised in the three reports. Homeland Security CIO Scott Charbo responded to the reports with detailed letters describing DHS’ plans to improve database security and the management of the department’s OneNet network.

DHS officials responsible for IT used in border security, which formerly fell under the authority of the now-dissolved Border and Transportation Security Directorate, submitted a detailed reply to an IG report on border systems.

Gregg issued comments in a press release on three IG reports, with the following titles:
  • Management of the DHS Wide Area Network Needs Improvement
  • Security Weaknesses Increase Risks to Critical DHS Databases and
  • U.S. Visit System Security Management Needs Strengthening.

Gregg said that during a time when the government is spending billions on security, it is unacceptable that DHS has failed to properly manage and secure its systems.

“The reports of threats posed by holes in the department’s information technology and infrastructure are a concern,” Gregg said in his statement. “The U.S. Visit program, for example, is a major IT investment, and the department must concentrate on this program operating effectively.”

The IG reports include extensive blank spaces that omit sensitive IT security information about issues such as database configuration guidelines and database security and audit trail procedures. DHS also blanked out the locations of DHS database facilities in six states.

The IG reported that DHS officials have not yet fully aligned their databases with FISMA procedures, failing, for example, to test and evaluate security controls, to integrate security control costs into system life cycle costs and to provide specialized security training to system administrators.

The auditors said DHS had not followed its own procedures to clear an upgrade of the department’s wide area network, and had relied on a network security operation at Immigration and Customs Enforcement rather than creating a separate security operations center. They pointed out ineffective network monitoring and the lack of interconnection service agreements as additional problems with the WAN.

Source : GCN
Post #: 1
Page:   [1]
All Forums >> [News Around The Web] >> Security News >> DHS IT security spanked again ! Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts

Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI