Monday October 13, 2008 10:23 PM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"very good"
on Akonix RogueAware
by abc | Oct 13, 2008 7:42 PM
 
"It sounds very good if it lives up to the statements"
on Kaspersky sends SOS to crack 1024 bit encryption key
by John Williams | Oct 11, 2008 11:57 AM
 
"Any good log system is going to be modular (separate from the web site itself), and more than ..."
on Popular porn site hacked by prudes
by Russ | Oct 9, 2008 7:21 PM
 
"Good"
on Yahoo patches Messenger ActiveX control flaws
by Francis Ayitey | Oct 6, 2008 10:48 AM
 
"With regard to the battle against cybercrime, Kaspersky Labs, the creator of the famous and ..."
on Eugene Kaspersky on the cybercrime arms race
by Mr. Anonymous | Oct 4, 2008 9:08 AM
Corporate Data

US Feds lacking in data security

  • Email a Friend
  • Print Page
Related Articles
By Sue Marquette
Feb 27, 2008 10:02 AM
Tags: "data | security" | "US | feds" | "report | data | security" | 'government | accountability | office | report" | "gao | report"
The report, "Information Security: Protecting Personally Identifiable Information," was spurred on by the major security breach at the Department of Veterans Affairs(VA) in 2006, when a laptop containing the names, Social Security numbers and other personal information of millions of veterans was stolen.

Sen. Norm Coleman, R-Minn., and Rep. Susan Davis, D-Calif., requested that GAO identify federal laws already in place and to investigate and describe the state of IT security compliance of 24 federal agencies.

GAO recommendations included encrypting data on mobile computers and other devices that carry agency data, and using a National Institute of Standards and Technology (NIST) checklist to properly categorise any data deemed personally identifiable information that is accessed remotely or physically transported outside the agency.

Only two agencies – Treasury and Transportation – meet all the recommendations for compliance, while two others – Small Business Administration and National Science Foundation – met none, the GAO report said. The other 20 agencies comply to some but not all of the GAO report's recommendations for better security and privacy.

The VA does not yet fully comply with all the GAO recommendations, but is working to improve its security, a VA spokesman told SCMagazineUS.com
Tuesday.

"VA is committed to ensuring the personal information of our veterans is secured,” said Matt Smith, a department spokesman. “We are continually enhancing our protections and welcome opportunities to improve."

While John Dasher, director of product management at encryption provider PGP, said he applauds the GAO for highlighting the need for more agency security, he believes the report and subsequent actions fall short.

“There is no real plan behind the report,” he told SCMagazineUS.com Thursday. “It talks about encryption, which is a good thing, but an enforceable policy is necessary. If you put rules in place, you need to take action to make sure people follow those rules.”

A representative from the federal Office of Management and Budget, which has released two memos mandating federal agencies implement data security safeguards and breach notification protocols, did not respond to a request for comment.

See original article on scmagazineus.com

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Breaches & Exposures Whitepapers
 
Popular Tags
breach censors control data device endpoint enterprise gartner government identity information loss member network problem report security sophos utimaco web