IG: DHS Does Not Track Security Training of System Administrator Contractors

[InfoSec News <alerts () infosecnews org>]

http://www.nextgov.com/cybersecurity/2013/06/ig-dhs-does-not-track-security-training-system-administrator-contractors/64976/

By Aliya Sternstein
Nextgov
June 17, 2013

The Homeland Security Department does not keep tabs on whether contractors 
that monitor vulnerabilities on federal networks have undergone training, 
according to a new inspector general audit.

These private sector system administrators support CyberScope, a central 
reservoir for incoming streams of data summarizing every federal agency's 
computer security posture. The composite view of threat-levels is intended 
to help Homeland Security leaders manage cyber risks governmentwide. The 
account of an inadequate security training program for system 
administrator contractors at DHS follows the alleged breach of top secret 
files by a system administrator contractor at the National Security 
Agency.

Homeland Security does not maintain records on who has taken security 
awareness and specialized information technology training; nor does the 
department ensure that all training requirements have been completed, 
according to auditors.

"CyberScope contractors may not have received the appropriate skills or 
knowledge to properly administer and secure the systems against potential 
cyber threats," Frank Deffer, assistant inspector general for the office 
of IT audits, wrote in the report.

[...]



_______________________________________________
ISN mailing list
ISN () lists infosecnews org
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org