Commentary
News We Already Know: Federal Agencies' Faltering IT Security Efforts
The Government Accountability Office has found "persistent weaknesses" that may leave federal agencies open to cyber-attacks, the GAO reported today.The Government Accountability Office has found "persistent weaknesses" that may leave federal agencies open to cyber-attacks, the GAO reported today.From DarkReading:
Of the incidents in which the sources are known, approximately 22 percent were caused by improper use of computers by authorized users, the report states. Eighteen percent of the compromises were caused by unauthorized access, and 14 percent were caused by malicious code. About 12 percent of the breaches were caused by scans, probes, or attempted access by external attackers, the report says.
More Security Insights
White Papers
More >>
- Mobile BI: Actionable Intelligence for the Agile Enterprise
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
Reports
More >>Webcasts
More >>
- Outsourcing Security: What Every Potential Cloud Security Customer Should Know
- Maximize ROI with Database Consolidation onto Private Clouds
Of the 24 agencies reviewed, 13 reported "significant deficiencies" in information security, the GAO says. Seven agencies reported "material weaknesses" that still have not been repaired. Only four agencies reported "no significant weakness," the report states.
Directly from the GAO findings, Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses:
According to our reports and those of agency inspectors general, persistent weaknesses appear in the five major categories of information system controls: (1) access controls, which ensure that only authorized individuals can read, alter, or delete data; (2) configuration management controls, which provide assurance that only authorized software programs are implemented; (3) segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection; (4) continuity of operations planning, which provides for the prevention of significant disruptions of computer-dependent operations; and (5) an agencywide information security program, which provides the framework for ensuring that risks are understood and that effective controls are selected and properly implemented.
Those issues, while challenging, aren't esoteric IT security issues. They're the basic blocking and tackling of good provisioning and identity management, configuration management, and risk management. And more agencies should have a better handle on their risks by now.
To follow my mobile security and technology observations, consider following me on Twitter.
Related Reading
 |
To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy. |
|
T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformaitonWeek Community t-shirt. So get posting! |
Subscribe to RSSResource Links
This Week's Issue
Technology Whitepapers
- Creating the Enterprise-Class Tablet Environment - by Yankee Group
- How To Regain IT Control In An Increasingly Mobile World - by BlackBerry
- The BlackBerry PlayBook tablet's Good Bones - by BlackBerry
- Red Alert: Why Tablet Security Matters - by BlackBerry
- New Visual and Wizard-Driven Paradigms for Exploring Data and Developing Analytic Workflows
Featured Resource
This is your portal to all the news, product information, technical data, and other information related to the topic of computer user authentication and certification. Visit us to find out how to ensure that computer users are who they say they are.
Learn More
