Excessive Unauthorized Access at DHS

IG Audit: Critical Data May be Exposed Are too many wandering eyes employing Department of Homeland Security's IT systems to gander sensitive DHS financial documents?

An audit by DHS's inspector general, made public Wednesday, identified IT general control weaknesses, the most significant from a financial statement audit perspective that includes:

Excessive access to key DHS financial applications.

Application change control processes that are inappropriate, not fully defined, followed, or effective.

Service continuity issues impacting DHS's ability to ensure that DHS financial data is available when needed.

"Collectively, the IT control weaknesses limited DHS's ability to ensure that critical financial and operational data were maintained in such a manner to ensure confidentiality, integrity and availability," the 140-page, heavily redacted audit states. "In addition, these weaknesses negatively impacted the internal controls over DHS's financial reporting and its operation and we consider them to collectively represent a material weakness for DHS under standards established by the American Institute of Certified Public Accountants."

The audit wasn't all critical of DHS's performance. "During FY 2008, DHS components took significant steps to improve their financial system security and address prior year IT control weaknesses, which resulted in the closure of more than 40 percent of our prior year IT control findings," the audit says. "Additionally, some DHS components reduced the severity of the weaknesses when compared to findings reporting in the prior year."

Also see, DHS's Progress in Disaster Recovery Planning for Information Systems and Challenges Remain In Executing DHS's Intelligence Systems' IT Program.

About the Author

Eric Chabrow

Eric Chabrow

Retired Executive Editor, GovInfoSecurity

Chabrow, who retired at the end of 2017, hosted and produced the semi-weekly podcast ISMG Security Report and oversaw ISMG's GovInfoSecurity and InfoRiskToday. He's a veteran multimedia journalist who has covered information technology, government and business.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.