Re: None

Wednesday, 01/05/2011 6:40:10 PM

Post# of 249125
GSA falls short in four critical cybersecurity areas

http://www.infosecurity-us.com/view/14956/gsa-falls-short-in-four-critical-cybersecurity-areas/

05 January 2011

The General Services Administration (GSA) needs to beef up its cybersecurity in four key areas, concluded an audit by the GSA’s inspector general.
In its FY 2010 audit under the Federal Information Security Management Act, the GSA inspector general acknowledged that the agency’s chief information officer (CIO) had taken steps to improve cybersecurity, including updating the GSA’s IT security policy, publishing guidance on information security topics, and expanding the security program to include cloud computing.

At the same time, the inspector general warned that the CIO needs to strengthen cybersecurity in four areas: secure monitoring of agency systems, oversight of audit logging and monitoring practices, implementation of multifactor authentication for systems processing sensitive information, and encryption of data on laptops. The audit noted that “numerous” cybersecurity weaknesses were identified in five GSA systems reviewed by the inspector general. These weaknesses result from “security misconfigurations of database or operating system software”.

According to the audit, “these weaknesses included database and operating system software that was not patched or securely configured and lax password management practices for database administrator accounts. As a result, these systems and their sensitive data were placed at an increased risk of inappropriate access, modification, or destruction.”

Regarding the lack of laptop encryption, the inspector general explained: “GSA laptops are not encrypted because GSA has experienced significant technical problems in integrating the chosen encryption solution in the GSA’s network.”

The inspector general recommended that the CIO take the following actions to improve the cybersecurity situation at the agency: strengthen configuration management practices for GSA systems; work with system security officials to prioritize the implementation of audit logging and monitoring controls; ensure that all systems remotely accessed implement multi-factor authentication; and implement encryption for agency laptops.

The CIO, Casey Coleman, had a terse response to the inspector general’s audit. In a Nov. 23 letter to the inspector general, Casey wrote: “My staff has reviewed the draft audit report and we concur with your audit findings and recommendations.”
