Risk
7/9/2009
02:20 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

DHS Systems More Secure, Inspector General Finds

Report indicates progress has been made certifying and accrediting the Department of Homeland Security's intelligence systems.

The Department of Homeland Security has significantly improved the cybersecurity of its top secret intelligence computer systems in the last two years, according to the recently released summary of an Inspector General report issued earlier this year.

"Information security procedures have been documented and controls have been implemented, providing an effective level of security for the department’s intelligence systems," the Office of the Inspector General said in its report.

Last year's report noted that DHS had not established a formal training program for employees who have responsibilities for DHS intelligence systems. This year's review notes that the DHS has created the Sensitive Compartmented Information Systems Information Assurance Handbook, "which provides department intelligence personnel with security procedures and requirements to administer its intelligence systems and the information processed."

A 2008 review noted progress on earlier cybersecurity goals, including creating and updating an inventory of Top Secret and sensitive information systems and certifying and accrediting those systems in accordance with intelligence directives. The 2009 report found continued certification and accreditation.

Overall, the report found that the Department of Homeland Security had acted on 10 of the inspector general's 14 recommendations from a 2007 report. The results of annual reviews of these systems have appeared only in heavily redacted summaries, which offered no concrete details between 2005 and 2007, so it's unclear exactly what those recommendations were.

Despite improvements in security controls, the Inspector General still found some gaps.

According to the report, the DHS has provided the IG with plans to implement -- but has note yet implemented -- numerous cybersecurity strategies related to an overall plan of action, disaster recovery, and more formal training.


InformationWeek has published an in-depth report on leading-edge government IT -- and how the technology involved may end up inside your business. Download the report here (registration required).

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7445
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

CVE-2015-4948
Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

CVE-2015-5660
Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

CVE-2015-6003
Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

CVE-2015-6333
Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
Cybercrime has become a well-organized business, complete with job specialization, funding, and online customer service. Dark Reading editors speak to cybercrime experts on the evolution of the cybercrime economy and the nature of today's attackers.