The inability of the Department of Homeland Security to implement appropriate IT and application controls has placed at risk the confidentiality, integrity and availability of DHS's financial and operational data, according to an audit conducted for the department's inspector general.
"If left unaddressed," GAO says, "these issues will continue to increase FDIC's risk that its sensitive and financial information will be subject to unauthorized disclosure, modification or destruction."
Rep. Mary Bono Mack wants security provider McAfee to brief the House subcommittee she chairs on its report of cyberattacks, which it labels Shady RAT, waged against governments and global businesses for more than five years.
Documenting procedures for the State Department's custom-made, continuous-monitoring tool known as iPost will help ensure that the data collected are appropriately used to protect the agency's global IT system, a GAO audit says.
Organizations taking proper preventative measures realize a cost savings of nearly 25 percent over those that don't, an analysis of a survey sponsored by Hewlett-Packard reveals. Still, the study shows, it takes longer to resolve cyberattacks than it did a year ago.
"The lack of individual accountability over user accounts provides ample opportunities to conceal malicious activity such as theft or misuse of veteran data," VA Assistant Inspector General Belinda Finn says.
DOD's ability to develop an overarching budget estimate for full-spectrum, cyberspace operations has been challenged by the absence of clear, agreed-upon departmentwide budget definitions, GAO auditors tell the House Armed Services Committee.
Though America remains dominant on land, sea and air, technical and economic barriers to entry in cyberspace are much lower for adversaries and, as a result, place the United States' networks at great risk, GAO says.
Security experts at this week's Gartner Security and Risk Management Summit agree: Security, not compliance, has to be the new focus. Cyberintrusions cannot be stopped, and the RSA breach should be a lesson to the industry.