The Department of Homeland Security (DHS) has made many improvements in its information security program, according to the agency's Inspector General (IG). However, he notes in a new report that the agency still lacks "an accurate and complete system inventory." An effort is being made to create such an inventory with assistance from an outside contractor, but without an inventory in place, the IG was unable to determine whether systems have been properly certified and accredited.
Areas identified in which the agency's information security procedures "require strengthening" include its use of wireless technologies, remote access, vulnerability scanning and penetration testing, and incident detection. The IG also noted that security awareness training is lacking when it comes to potential security hazards such as peer-to-peer file sharing.
Appendices to the report detail agencywide security configuration requirements and incident detection and handling procedures.
@ The report, Evaluation of DHS' Information Security Program for Fiscal Year 2004, is available at SM Online.