"Information security procedures have been documented and controls have been implemented, providing an effective level of security for the department’s intelligence systems," the Office of the Inspector General said in its report.
Last year's report noted that DHS had not established a formal training program for employees who have responsibilities for DHS intelligence systems. This year's review notes that the DHS has created the Sensitive Compartmented Information Systems Information Assurance Handbook, "which provides department intelligence personnel with security procedures and requirements to administer its intelligence systems and the information processed."
A 2008 review noted progress on earlier cybersecurity goals, including creating and updating an inventory of Top Secret and sensitive information systems and certifying and accrediting those systems in accordance with intelligence directives. The 2009 report found continued certification and accreditation.
Overall, the report found that the Department of Homeland Security had acted on 10 of the inspector general's 14 recommendations from a 2007 report. The results of annual reviews of these systems have appeared only in heavily redacted summaries, which offered no concrete details between 2005 and 2007, so it's unclear exactly what those recommendations were.
Despite improvements in security controls, the Inspector General still found some gaps.
According to the report, the DHS has provided the IG with plans to implement -- but has note yet implemented -- numerous cybersecurity strategies related to an overall plan of action, disaster recovery, and more formal training.
InformationWeek has published an in-depth report on leading-edge government IT -- and how the technology involved may end up inside your business. Download the report here (registration required).