THE MAGAZINE

DHS Improves Its Infosec

By Peter Piazza

The Department of Homeland Security (DHS) has taken huge strides toward better protecting its networks, according to a report from the agency’s Inspector General (IG).

First, the agency has “completed a comprehensive inventory of its major applications and general support systems, including contractor and national security systems.”

Second, it has implemented a certification and accreditation (C&A) tool that will allow it to complete C&A for all the agency’s systems.

Despite the improvements, the agency still has a lot of work ahead of it. The IG report noted, however, that “DHS has not improved its incident detection, handling, reporting, and analysis procedures during the last year,” nor does it have a vulnerability assessment program that ensures annual review of agency networks. DHS has set up an IT Security Training Working Group, but it has not yet implemented a Web-based IT security training program that was originally scheduled to be rolled out in 2004. And, the IG notes, existing security awareness training does not explain the department’s policy on peer-to-peer file sharing.

@ Evaluation of DHS’s Information Security Program for Fiscal Year 2005 is available at SM Online.

AttachmentSize
dhs_it0106.pdf853.47 KB

Comments

 

The Magazine — Past Issues

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.