Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    DHS IT Security Still Lacking

    By
    Caron Carlson
    -
    August 22, 2005
    Share
    Facebook
    Twitter
    Linkedin

      The Department of Homeland Security worked to repair holes in its information systems last year, but ongoing weaknesses dogged the agencys networks, most notably in managing IT security.

      According to a July audit letter from KPMG LLP released last week, the DHS did not correct vulnerabilities in access controls and systems software that had been identified previously, limiting its ability to ensure that data is maintained with confidentiality, integrity and availability. The audit focused on the agencys financial reporting, and the weaknesses found had a negative impact on the financial internal controls, in particular.

      One of the most significant problems was found with access control inside the departments firewalls. Reminiscent of the weak “yellow sticky note” password system found all too frequently in the private sector, users at the DHS were sometimes able to use sensitive testing and development devices with a group password or system default password.

      /zimages/4/28571.gifAre biometrics the answer to the password problem? Click here to read more.

      Personnel “inside the organization who best understand the organizations systems, applications and business processes are able to make unauthorized access to some systems and applications,” KPMG warned. “As a result, test and development devices could be a target of hackers/crackers to obtain information (i.e., user password listings) that can be used to attempt further access into DHS IT environment.”

      KPMG also found that many user accounts were not configured for automatic log-off or lockout and that some workstations and servers were configured without necessary security patches.

      Last year, the DHS took several steps to correct IT security weaknesses, such as completing agencywide training and awareness sessions and moving to consolidate IT functions throughout the department.

      Another area of potential vulnerability for the DHS is in segregating duties that involve access to sensitive data. KPMG noted that despite previous recommendations, there were situations where one individual controlled more than one critical function, which increases the risk of fraud or damage to the data without detection. Also, software changes were not consistently documented, and the department was not up to speed on enforcing its certification and accreditation program or on training for administrators and security officers.

      In response to KPMGs findings, the DHS said it initiated a number of projects to remedy the weaknesses. However, several significant challenges remain, particularly in implementing an agencywide patch and security process. With more than 22 IT architectures joined in the department, it is a long-term project to design a single patch process.

      The high personnel turnover rate has hampered the deployment of an agencywide security training and awareness program. Nonetheless, last year, 85 percent of the DHS system users received IT security awareness training, and 89 percent of the agencys information security professionals received specialized training, according to the DHS.

      Newly hired DHS CIO Scott Charbo, who took the reins from Steve Cooper in June, has already moved to create a more unified IT infrastructure throughout the DHS by setting up two new procurement programs. The Enterprise Acquisition Gateway for Leading Edge solutions, or EAGLE, will cover IT services, including engineering design and implementation, testing and verification, software development, and management support. First Source will cover hardware and software, such as networking equipment, imaging products, wireless technology and online data tracking systems.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.

      Caron Carlson
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×