By Matthew Weigelt
Oct 05, 2009
The Commerce Department has failed to take the basic steps to develop
its workforce that oversees the security of the department.s information
technology systems, a newly posted report  states.
The department's management has not devoted enough attention and
resources to training its IT security workers, according to an audit by
the department's inspector general. The audit, dated Sept. 30, said
officials haven.t assigned who's accountable for what IT security
systems and many of Commerce's IT security officers don't have the
required security clearances. Without that clearance, the officers may
be kept from getting the full extent of a cyber attack because they
aren.t privy to the information, the report states.
"As a result, Commerce is at risk of not being satisfactorily prepared
to protect its IT assets and information," wrote Brett Baker, the
assistant IG for audit.
The report recommends greater professional development and role-based
training for IT security employees, especially those with significant
responsibilities. Officials also should formally document officers'
duties, and they should set specific security clearances with particular
IT positions and responsibilities, the report recommends.
Did a friend send you this? From now on, be the
first to find out! Subscribe to InfoSec News