Shortcomings plague State's IT security


By Alice Lipowicz
April 11, 2007

Despite some improvements, the State Department still falls short in its 
information security efforts, according to a new report from Inspector 
General Howard Krongard.

Nearly half of the 34 departmental posts and bureaus audited by the 
inspector general from April to September 2006 displayed shortcomings in 
information technology security, according to the report. These 
shortcomings were apparent in classified data being stored in 
unclassified systems, inadequate separation of duties among IT employees 
and missing or inadequate documentation on security settings used to 
protect data.

Despite progress in addressing privacy and in reporting computer hacking 
incidents, the department also shows inadequacies in its Federal 
Information Security Management Act compliance and documentation.

Problematic areas include planning and management, separation of duties 
of IT staff, service continuity, managing change of hardware and 
software, and maintaining access controls. Documents were lacking for 
contingency planning, standard operating procedures and security. The 
report also cited inconsistent training and lack of coordinated service 
to end users.

For the Broadcasting Board of Governors, which operates the Voice of 
America, Krongard cited an ambiguous chain of command for the chief 
information officer, which hampers the CIO's authority to identify and 
correct IT security problems.

Alice Lipowicz is a staff writer for Washington Technology, an 1105 
Government Information Group publication.
