DHS IT auditing office criticizes its own security procedures

Published 5 October 2006

Inspector general’s office cited for failing to implement a standard laptop configuration that meets required DHS and federal guidelines, and for failing to implement a procedure to identify relevant software patches and updates; lost and stolen laptops a major issue

When the office responsible for auditing IT security practices is itself doing a bad job protecting critical data, it’s hard not to just throw up one’s hands and give up on all mankind. This is doubly true when the office in question is that of the DHS inspector general. A review of approximately 100 “Sensitive But Unclassified” office laptops by DHS’s assistant inspector general for IT found “significant work remains to be done” by the inspector general’s office in the areas of configuration, patch and inventory management. The news comes shortly after the Government Accountability Office issued its own report finding that over 100 Department of Homeland Security laptops are missing and are thought to have been stolen.

Each of the problems cited by the assistant inspector general cries out for outside assistance. They included the failure by the inspector general’s office to implement a standard laptop configuration that meets required DHS and federal guidelines; the failure to implement a procedure to identify relevant software patches and updates; a lack of procedures for reporting lost and stolen laptops; and an inability to ensure that reused or disposed of laptops are purged of sensitive data. To help solve these latter two problems, the report recommended deployment of an “enterprise property management system” for tracking inventory, Computer World reported.

-read more in this Computer World report