TRENDING:

Excessive Unauthorized Access at DHS

IG Audit: Critical Data May be Exposed Eric Chabrow (GovInfoSecurity) • May 20, 2009     Are too many wandering eyes employing Department of Homeland Security's IT systems to gander sensitive DHS financial documents?

An audit by DHS's inspector general, made public Wednesday, identified IT general control weaknesses, the most significant from a financial statement audit perspective that includes:

Excessive access to key DHS financial applications.

Application change control processes that are inappropriate, not fully defined, followed, or effective.

Service continuity issues impacting DHS's ability to ensure that DHS financial data is available when needed.

"Collectively, the IT control weaknesses limited DHS's ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity and availability," the 140-page, heavily redacted audit states. "In addition, these weaknesses negatively impacted the internal controls over DHS's financial reporting and its operation and we consider them to collectively represent a material weakness for DHS under standards established by the American Institute of Certified Public Accountants."

The audit wasn't all critical of DHS's performance. "During FY 2008, DHS components took significant steps to improve their financial system security and address prior year IT control weaknesses, which resulted in the closure of more than 40 percent of our prior year IT control findings," the audit says. "Additionally, some DHS components reduced the severity of the weaknesses when compared to findings reporting in the prior year."

Also see, DHS's Progress in Disaster Recovery Planning for Information Systems and Challenges Remain In Executing DHS's Intelligence Systems' IT Program.

Previous
Creating an IT Security Culture
Next
Disk with 100K SSN Missing from National Archives

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.



Around the Network

How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.