http://www.gcn.com/online/vol1_no1/41589-1.html 

By Alice Lipowicz
Contributing Writer
08/08/06

Despite improvements, the Homeland Security Department continues to 
display significant information security weaknesses that jeopardize the 
integrity and privacy of department IT programs, according to a new report 
[1] released by DHS Inspector General Richard Skinner.

The IT Management Letter is part of the fiscal 2005 Financial Statement 
Audit, which was performed by KPMG LLP accounting firm. The inspector 
general released it in a redacted form to prevent disclosure of sensitive 
information.

According to the 77-page management letter, the most significant IT 
control weaknesses at the agency involve entitywide security, access 
controls and service continuity.

"Collectively, these IT control weaknesses limit DHS' ability to ensure 
that critical financial and operational data is maintained in such a 
manner to ensure confidentiality, integrity and availability," the report 
said.

The management letter described the problems as materials weaknesses for 
financial system security under standards accepted by the Government 
Accountability Office, which is an arm of Congress.

The audit found a lack of certifications and accreditations; missing and 
weak user passwords on key servers and databases; absence of necessary 
security patches; and configurations in which users were not automatically 
logged off following usage, among other problems.

The IT management later looked at Customs and Border Protection, the Coast 
Guard, the Federal Emergency Management Agency, Transportation Security 
Administration, and other agencies.

[1] http://www.dhs.gov/interweb/assetlibrary/OIGr_06-49_Jul06.pdf 

-=-

Alice Lipowicz is a staff writer for Government Computer News' sister 
publication, Washington Technology.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org