DHS IT system still vulnerable
Opportunity: The IT systems for DHS are still vulnerable according to inspector general of the agency; its main weaknesses are access controls, system-wide security, and service continuity
DHS has made some progress in shoring up the security of its IT systems, but the department’s inspector general, Richard Skinner, reports that the agency still displays significant information security weaknesses which jeopardize the integrity and privacy of its IT programs. The IT Management Letter is part of the fiscal 2005 Financial Statement Audit, performed by KPMG LLP accounting firm. The IG released it in a redacted form to prevent disclosure of sensitive information.
According to the 77-page management letter, the most significant IT control weaknesses at the agency involve entity-wide security, access controls, and service continuity. “Collectively, these IT control weaknesses limit DHS’ ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability,” the report said. The management letter described the problems as materials weaknesses for financial system security under standards accepted by the Government Accountability Office (GAO). Among the audit’s findings: lack of certifications and accreditations; missing and weak user passwords on key servers and databases; absence of necessary security patches; and configurations in which users were not automatically logged off following usage, among other problems.
-read more in Alice Lipowicz’s Washington Technology report []
