INFORMATION

Site Map - Government

Quick Bytes : Vulnerable infrastructure

- Federal agencies are not consistently implementing the basics of information security, such as performing periodic risk assessments, developing and maintaining up-to-date security plans, creating and testing contingency plans, and evaluating and monitoring the effectiveness of security controls, according to a report from the Government Accountability Office (GAO). @ Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures is at SM Online.

Vulnerable infrastructure

- Federal agencies are not consistently implementing the basics of information security, such as performing periodic risk assessments, developing and maintaining up-to-date security plans, creating and testing contingency plans, and evaluating and monitoring the effectiveness of security controls, according to a report from the Government Accountability Office (GAO). @ Protecting the Federal Government's Information Systems and the Nation's Critical Infrastructures is at SM Online.

IRS fails audit.

- The Internal Revenue Service (IRS) has submitted to the Department of the Treasury and the Office of Management and Budget (OMB) "inaccurate and misleading" information about the state of its information-security programs, according to a report prepared by an assistant inspector general for audit with the Department of the Treasury, who undertook a review of the IRS's process for monitoring its program- and system-level security weaknesses. @ Go to SM Online for more on the report. .

Biometric standards released

- A paper from the National Institute of Standards and Technology (NIST) defines technical acquisition and formatting requirements of biometric credentials for Homeland Security Presidential Directive 12, which calls for identity credentials that are interoperable between agencies. @ Link to NIST Special Publication 800-76, Biometric Data Specification for Personal Identity Verification, at SM Online.

Information security

- On the authority of a 2000 law that amends the Atomic Energy Act of 1954, the Department of Energy (DOE) has issued regulations that will allow the department to impose civil penalties on contractors for breaches of information security.

Did You Know That?

- Are companies wising up about premises liability, or are more meritless claims being filed? Either way, plaintiffs are winning a smaller percentage of suits. In 1992, plaintiffs won in 44.4 percent of cases in which they reached a jury trial in state court in one of the 75 largest U.S. counties.

Nuclear proliferation

- Several U.S. departments are trying to help Russia secure its nuclear materials, but their efforts are not unified.

Quick Bytes: Government report card

- It's government IT security grade time again, and as always, the news is not good. Seven agencies received a grade of F, including two-Commerce and Veterans Affairs-that respectively had a C- and a C in 2003. But there were improvements. The Agency for International Development received an A+, and the Department of Justice jumped from an F to a B-. @ The scorecard is available through SM Online.

Government report card.

- It's government IT security grade time again, and as always, the news is not good. Seven agencies received a grade of F, including two-Commerce and Veterans Affairs-that respectively had a C- and a C in 2003. But there were improvements. The Agency for International Development received an A+, and the Department of Justice jumped from an F to a B-. @ The scorecard is available through SM Online.

Port security

- In any tabletop exercise involving multiple authorities and jurisdictions, it’s virtually certain that some of the lessons learned involve the need for better coordination, clear lines of authority, and improved information sharing. And so it has been with Coast Guard exercises on port security, says the Government Accountability Office (GAO). According to GAO auditors, 59 percent of the 82 exercises studied raised communication issues, including problems with interoperable radio communications, failure to share information with other agencies, and difficulties in accessing necessary classified information. Almost as many exercises were plagued with resource problems, including poor facilities or equipment. Forty-one percent of the exercises raised concerns about the participants’ ability to coordinate a command and control system, for example. Part of the problem, acknowledges the GAO, is that the National Response Plan, launched in January, wasn’t in place during the exercises. That plan supercedes all existing federal interagency emergency response plans. SM Online takes you to the report.

C-TPAT

- The Customs-Trade Partnership Against Terrorism (C-TPAT). Green lanes. FAST (Free and Secure Trade) lanes. The Container Security Initiative. Smart containers. Automated Commercial Environment. These various cargo security programs and elements launched by the federal government may seem like a morass of overlapping parts. A new document by Customs and Border Protection (CBP) clears up much of the confusion as far as C-TPAT is concerned.

Did You Know That?

- How well has the FBI aligned itself with post 9-11 priorities? The National Academy of Public Administration (NAPA) says that the FBI “is making substantial progress in transforming itself into a strong domestic intelligence agency and has the will and many of the competencies required to accomplish it.” But the report makes 37 recommendations for change. Read the  report.

Report Finds Intel Flaws

- In 601 pages of exposition, the Commission on Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction laid bare the serious problems in the U.S. intelligence community. The commission’s report is packed with recommendations on topics such as management, collection, analysis, covert action, and counterinelligence. Read the report.
 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.