Soaring 250-feet above ground, Marines with the Reconnaissance and Sniper Platoons of 1st Battalion, 5th Marine Regiment, 11th Marine Expeditionary Unit , get a bird’s eye view of the surrounding area during a special purpose insertion/extraction refresher Jan. 13, 2008, at Camp Buehring in Kuwait. U.S. Marine Corps photo byCpl. Scott M. Biscuiti.
RECENT CONTENT:
» Earmarks up and down
August 19th, 2008
» Stevens makes nice profit
August 19th, 2008
» Musharraf resigns control
August 18th, 2008
» Downturn is good news
August 17th, 2008
» Russian attacks looming?
August 17th, 2008
Government security: sensitive data remain at risk
By: Jim Kouri | Submitted on: 06/12/07EDITORIAL - For many years, the Government Accounting Office has reported that weaknesses in information security are a widespread problem with potentially devastating consequences --such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information -- and has identified information security as a government-wide high-risk issue.
Concerned by reports of significant vulnerabilities in federal computer systems, Congress passed the Federal Information Security Management Act of 2002 (FISMA), which permanently authorized and strengthened the information security program, evaluation, and reporting requirements for federal agencies.
In its testimony, GAO discussed security incidents reported at federal agencies, the continued weaknesses in information security controls at major federal agencies, agencies' progress in performing key control activities, and opportunities to enhance FISMA reporting and independent evaluations.
Federal agencies have recently reported a spate of security incidents that put sensitive data at risk. Personally identifiable information about millions of Americans has been lost, stolen, or improperly disclosed, thereby exposing those individuals to loss of privacy, identity theft, and financial crimes.
The wide range of incidents involving data loss or theft, computer intrusions, and privacy breaches underscore the need for improved security practices.
As illustrated by these security incidents, significant weaknesses in information security controls threaten the confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of federal agencies. Almost all of the major federal agencies had weaknesses in one or more areas of information security controls.
Most agencies did not implement controls to sufficiently prevent, limit, or detect access to computer networks, systems, or information. For example, agencies did not consistently identify and authenticate users to prevent unauthorized access, apply encryption to protect sensitive data on networks and portable devices, and restrict physical access to information assets.
In addition, agencies did not always manage the configuration of network devices to prevent unauthorized access and ensure system integrity, such as patching key servers and workstations in a timely manner; assign incompatible duties to different individuals or groups so that one individual does not control all aspects of a process or transaction; and maintain or test continuity of operations plans for key information systems.
An underlying cause for these weaknesses is that agencies have not fully or effectively implemented agencywide information security programs.
Nevertheless, federal agencies have continued to report steady progress in implementing certain information security requirements. However, IGs at several agencies sometimes disagreed with the agency's reported information and identified weaknesses in the processes used to implement these and other security program activities. Further, opportunities exist to enhance reporting under FISMA and the independent evaluations completed by IGs.
Concerned by reports of significant vulnerabilities in federal computer systems, Congress passed the Federal Information Security Management Act of 2002 (FISMA), which permanently authorized and strengthened the information security program, evaluation, and reporting requirements for federal agencies.
In its testimony, GAO discussed security incidents reported at federal agencies, the continued weaknesses in information security controls at major federal agencies, agencies' progress in performing key control activities, and opportunities to enhance FISMA reporting and independent evaluations.
Federal agencies have recently reported a spate of security incidents that put sensitive data at risk. Personally identifiable information about millions of Americans has been lost, stolen, or improperly disclosed, thereby exposing those individuals to loss of privacy, identity theft, and financial crimes.
The wide range of incidents involving data loss or theft, computer intrusions, and privacy breaches underscore the need for improved security practices.
As illustrated by these security incidents, significant weaknesses in information security controls threaten the confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of federal agencies. Almost all of the major federal agencies had weaknesses in one or more areas of information security controls.
Most agencies did not implement controls to sufficiently prevent, limit, or detect access to computer networks, systems, or information. For example, agencies did not consistently identify and authenticate users to prevent unauthorized access, apply encryption to protect sensitive data on networks and portable devices, and restrict physical access to information assets.
In addition, agencies did not always manage the configuration of network devices to prevent unauthorized access and ensure system integrity, such as patching key servers and workstations in a timely manner; assign incompatible duties to different individuals or groups so that one individual does not control all aspects of a process or transaction; and maintain or test continuity of operations plans for key information systems.
An underlying cause for these weaknesses is that agencies have not fully or effectively implemented agencywide information security programs.
Nevertheless, federal agencies have continued to report steady progress in implementing certain information security requirements. However, IGs at several agencies sometimes disagreed with the agency's reported information and identified weaknesses in the processes used to implement these and other security program activities. Further, opportunities exist to enhance reporting under FISMA and the independent evaluations completed by IGs.
Jim Kouri, CPP is currently fifth vice-president of the National Association of Chiefs of Police. He's former chief at a New York City housing project in Washington Heights nicknamed "Crack City" by reporters covering the drug war in the 1980s. In addition, he served as director of public safety at a New Jersey university and director of security for several major organizations.
