Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    DHS IT Security Still Lacking

    By
    Caron Carlson
    -
    August 22, 2005
    Share
    Facebook
    Twitter
    Linkedin

      The Department of Homeland Security worked to repair holes in its information systems last year, but ongoing weaknesses dogged the agencys networks, most notably in managing IT security.

      According to a July audit letter from KPMG LLP released last week, the DHS did not correct vulnerabilities in access controls and systems software that had been identified previously, limiting its ability to ensure that data is maintained with confidentiality, integrity and availability. The audit focused on the agencys financial reporting, and the weaknesses found had a negative impact on the financial internal controls, in particular.

      One of the most significant problems was found with access control inside the departments firewalls. Reminiscent of the weak “yellow sticky note” password system found all too frequently in the private sector, users at the DHS were sometimes able to use sensitive testing and development devices with a group password or system default password.

      /zimages/4/28571.gifAre biometrics the answer to the password problem? Click here to read more.

      Personnel “inside the organization who best understand the organizations systems, applications and business processes are able to make unauthorized access to some systems and applications,” KPMG warned. “As a result, test and development devices could be a target of hackers/crackers to obtain information (i.e., user password listings) that can be used to attempt further access into DHS IT environment.”

      KPMG also found that many user accounts were not configured for automatic log-off or lockout and that some workstations and servers were configured without necessary security patches.

      Last year, the DHS took several steps to correct IT security weaknesses, such as completing agencywide training and awareness sessions and moving to consolidate IT functions throughout the department.

      Another area of potential vulnerability for the DHS is in segregating duties that involve access to sensitive data. KPMG noted that despite previous recommendations, there were situations where one individual controlled more than one critical function, which increases the risk of fraud or damage to the data without detection. Also, software changes were not consistently documented, and the department was not up to speed on enforcing its certification and accreditation program or on training for administrators and security officers.

      In response to KPMGs findings, the DHS said it initiated a number of projects to remedy the weaknesses. However, several significant challenges remain, particularly in implementing an agencywide patch and security process. With more than 22 IT architectures joined in the department, it is a long-term project to design a single patch process.

      The high personnel turnover rate has hampered the deployment of an agencywide security training and awareness program. Nonetheless, last year, 85 percent of the DHS system users received IT security awareness training, and 89 percent of the agencys information security professionals received specialized training, according to the DHS.

      Newly hired DHS CIO Scott Charbo, who took the reins from Steve Cooper in June, has already moved to create a more unified IT infrastructure throughout the DHS by setting up two new procurement programs. The Enterprise Acquisition Gateway for Leading Edge solutions, or EAGLE, will cover IT services, including engineering design and implementation, testing and verification, software development, and management support. First Source will cover hardware and software, such as networking equipment, imaging products, wireless technology and online data tracking systems.

      /zimages/4/28571.gifCheck out eWEEK.coms for the latest news, views and analysis of technologys impact on government and politics.

      Caron Carlson

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×