Audit Chides Department Of Homeland Security's WAN - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
News
News
1/30/2006
08:39 PM
50%
50%

Audit Chides Department Of Homeland Security's WAN

Among other problems, DHS has not clearly outlined baseline security controls or rules of use on the interconnected systems to prevent unauthorized transactions on the WAN, auditors said.

The Department of Homeland Security's wide area network risks service disruptions and losing data because of a high volume of security problems, according to a recent audit.

The Office of the Inspector General found that DHS had 65 million security event messages from February through April 2005, and 6.5 million were tagged as possible misuse of computers to access pornography Web sites.

The overall figure represents an increase of more then a 400 percent from the year before, but the number of porn warnings could be due to legitimate law enforcement investigations, DHS information officers told the OIG in an audit released at the end of 2005. That's difficult to determine because of the way the network is monitored.

Despite rules requiring DHS to monitor the network, which serves 22 organizations under its umbrella, DHS turned responsibility for monitoring over to U.S. Customs and Border Protection with no formal agreement about how they should collaborate, according to the audit posted online in January.

The department has not clearly outlined baseline security controls or rules of use on the interconnected systems to prevent unauthorized transactions on the WAN. Without those controls, DHS cannot remove a problematic group from the network or require that risky computer use be performed through a dial-up connection or other method to reduce risk, auditors noted.

According to the audit, DHS needs to improve its incident response capabilities, choose more effective means of collecting, analyzing and reporting data and build communication between various groups like legal, human resources and external groups. It should also appoint an information security manager for the WAN, create a security operations center for the network and sign interconnection service agreements for systems connected to the network.

Finally, it needs to draft security plans, institute certification and accreditation requirements, perform risk assessments, add equipment for traffic analysis and comply with its own investment policies. DHS hasn't received all of the approvals it needs for its network. That means it "risks spending on investments which may not directly support or further its mission."

In a response, Scott Charbo, chief information officer for DHS, agreed that most improvements suggested in the audit are needed. He said some would be completed when DHS finishes constructing a networks in December.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
News
How to Create a Successful AI Program
Jessica Davis, Senior Editor, Enterprise Apps,  10/14/2020
News
Think Like a Chief Innovation Officer and Get Work Done
Joao-Pierre S. Ruth, Senior Writer,  10/13/2020
Slideshows
10 Trends Accelerating Edge Computing
Cynthia Harvey, Freelance Journalist, InformationWeek,  10/8/2020
Register for InformationWeek Newsletters
Video
Current Issue
[Special Report] Edge Computing: An IT Platform for the New Enterprise
Edge computing is poised to make a major splash within the next generation of corporate IT architectures. Here's what you need to know!
White Papers
Slideshows
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll