Re: IG: State Department flunks systems security

[InfoSec News <isn () c4i org>]

Forwarded from: Chris Wysopal <cwysopal () atstake com>

A year after? How about 4.5 years after?

Serious Weaknesses Put State Department and FAA Operations at Risk
http://www.gao.gov/archive/1998/ai98170t.pdf


InfoSec News wrote:
> Forwarded from: William Knowles <wk () c4i org>
>
> http://www.gcn.com/vol1_no1/daily-updates/20398-1.html
>
> By Wilson P. Dizard III 
> GCN Staff
> 11/01/02 
>
> The State Department's information system security remains weak a
> year after the department was told of serious flaws, according to a
> recent report by the State inspector general's office. The IG
> reviewed system security in accordance with the Government
> Information Security Reform Act, which calls for annual reviews.
> Even though State made a plan for certifying and accrediting its
> systems, it has no timetable, according to the IG.
>
> Department officials had certified and accredited only 4 percent of
> systems by August, the report said. In addition, even though 72
> percent of the department's 358 systems have security
> classifications, only 15 percent have security plans, it said.
>
> Investigators also found problems at overseas posts, where the
> information system security officers "generally were not performing
> all the requisite duties," the report said. None of the 11 posts
> visited by the investigators had information security plans,
> according to the report, which also criticized poor management,
> technical and operational controls that increase "the risk to
> mission operations."
>
> The IG's office said it will make recommendations to correct the
> problems. State officials did not respond to repeated requests for
> comment on the report.


[...]



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.