IG report calls DHS IT security inadequate
Alice Lipowicz writes in GCN.com:
The Homeland Security Department’s IT systems continue to be plagued by weak access controls and a lack of contingency planning, according to a new report released by the department’s Office of the Inspector General.
“The most significant weaknesses from a financial audit perspective relate to information security (entity-wide security, access controls and systems software),” states the IT Management Letter for the Fiscal 2004 Financial Statement Audit, written by the KPMG LLP accounting firm in December 2004. A redacted version of the management letter has been made public by the inspector general.
“Collectively, the IT control weaknesses limit DHS’ ability to ensure that critical financial and operational data is maintained in such a manner to ensure confidentiality, integrity and availability,” the letter stated.
KPMG found significant access control vulnerabilities with internal IT devices inside firewalls that may allow some personnel unauthorized access. “In some cases, users are able to access test and development devices with group passwords, system default passwords or the same passwords with which they log into production devices,” the letter said.
0 Comments:
Post a Comment
<< Home