TRENDING:

IG Gives DHS Intel System Clean Bill of Health, of Sorts

Intel Program Deemed Effective, But IG Raises Some Concerns September 29, 2010    
IG Gives DHS Intel System Clean Bill of Health, of Sorts
The Department of Homeland Security's intelligence systems got a clean bill of health, of sorts.

DHS's inspector general, in a declassified version of an audit released Wednesday, said the department maintains an effective, enterprisewide information management program for its intelligence systems by developing information security procedures and implementing effective security controls.

But like most IG and Government Accountability Office audits, there's a but in the findings. According to the IG, management oversight and operational issues remain regarding the effectiveness of the program:

"Concerns with system certification and accreditation documentation and the implementation of a formal information system security training and awareness program for intelligence personnel still exist. Further, because the Intelligence and Analysis Office is now responsible for the U.S. Coast Guard intelligence systems reporting, the office should continue to provide management oversight to ensure that the U.S. Coast Guard maintains an effective information technology security program and complies with FISMA and DHS requirements."

Being an unclassified summary on a classified audit report, the IG did not provide specifics.

The IG reviewed enterprisewide security program and practices for its Top Secret/Sensitive Compartmented Information intelligence systems as part of its regular review required by the Federal Information Security Management Act. Specifically, the IG examined DHS's security management, implementation and evaluation of its intelligence activities, including its policies, procedures, and system security controls for enterprisewide intelligence systems. It assessed the department's plan of action and milestones, certification and accreditation, privacy and incident reporting processes, as well as its security training and awareness program.

Previous
Cybersecurity Law: What Congress Can, Cannot Pass
Next
Security Pros Need Forensics Skills



Around the Network

Joe Sullivan on What CISOs Need to Know About the Uber Trial
Joe Sullivan on What CISOs Need to Know About the Uber Trial
Mapping Access - and Attack - Paths in Active Directory
Mapping Access - and Attack - Paths in Active Directory
How State Governments Can Regulate AI and Protect Privacy
How State Governments Can Regulate AI and Protect Privacy
Why Hospitals Should Beware of Malicious AI Use
Why Hospitals Should Beware of Malicious AI Use
How Biden's AI Executive Order Will Affect Healthcare
How Biden's AI Executive Order Will Affect Healthcare
Protocol Isolation: The Key to Securing OT Environments
Protocol Isolation: The Key to Securing OT Environments
Getting a Tighter Grip on Vendor Security Risk in Healthcare
Getting a Tighter Grip on Vendor Security Risk in Healthcare
How AI Can Help Speed Up Physician Credentialing Chores
How AI Can Help Speed Up Physician Credentialing Chores
AI in Healthcare: The Growing Promise - and Potential Risks
AI in Healthcare: The Growing Promise - and Potential Risks
Stopping Cloud Workload Attacks
Stopping Cloud Workload Attacks

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.