FEMA still weak on IT security, auditors say

[InfoSec News <alerts () infosecnews org>]

http://www.fcw.com/online/news/153384-1.html

By Alice Lipowicz
FCW.com
August 4, 2008

The Federal Emergency Management Agency is still struggling to secure 
its information technology systems with 31 weaknesses carried over from 
previous years and 13 new weaknesses identified in fiscal 2007, 
according to a new audit report [1] released by Homeland Security 
Department Inspector General Richard Skinner.

FEMA corrected 10 weaknesses last year, and it developed new policies, 
processes and procedures to comply with cybersecurity guidelines, states 
the report on FEMA’s IT issues related to financial controls, written by 
the KPMG LLP auditing firm.

Overall, FEMA continues to suffer from weak controls on employee and 
contractor passwords, shortcomings in application service development 
and service continuity, and a weakness in its systemwide documentation, 
among other problems, the report states.

“These issues collectively limit FEMA’s ability to ensure that critical 
financial and operational data is maintained in a manner to ensure 
confidentiality, integrity and availability,” the report states.

[1] http://www.dhs.gov/xoig/assets/mgmtrpts/OIGr_08-68_Jun08.pdf

[...]

_______________________________________________      
Attend Black Hat USA, August 2-7 in Las Vegas, 
the world's premier technical event for ICT security experts.
Featuring 40 hands-on training courses and 80 Briefings 
presentations with lots of new content and new tools.
Network with 4,000 delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com