IG: State Department flunks systems security

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.gcn.com/vol1_no1/daily-updates/20398-1.html

By Wilson P. Dizard III 
GCN Staff
11/01/02 

The State Department's information system security remains weak a year 
after the department was told of serious flaws, according to a recent 
report by the State inspector general's office. The IG reviewed system 
security in accordance with the Government Information Security Reform 
Act, which calls for annual reviews. Even though State made a plan for 
certifying and accrediting its systems, it has no timetable, according 
to the IG. 

Department officials had certified and accredited only 4 percent of 
systems by August, the report said. In addition, even though 72 
percent of the department's 358 systems have security classifications, 
only 15 percent have security plans, it said. 

Investigators also found problems at overseas posts, where the 
information system security officers "generally were not performing 
all the requisite duties," the report said. None of the 11 posts 
visited by the investigators had information security plans, according 
to the report, which also criticized poor management, technical and 
operational controls that increase "the risk to mission operations." 

The IG's office said it will make recommendations to correct the 
problems. State officials did not respond to repeated requests for 
comment on the report. 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.