Visit www.barracudasecurity.com

Visit www.barracudasecurity.com

Legend

Location Of Theft in AQUA BLUE
URL Of Linked Article In STEEL BLUE or GREEN
Full Content Of Article In BLACK
Theft Description In Body Of Article in RED

Saturday, February 24, 2007

WASHINGTON DISCUSSION ON HOMELAND SECURITY AND PROTECTING PERSONAL INFORMATION DHS isn’t protecting your personal information - Homeland Stupidity:

DHS isn’t protecting your personal information

The Department of Homeland Security isn’t sufficiently protecting personally identifiable information on its computer systems, though it is making progress, according to an inspector general’s report.

DHS is still trying to determine which of its 699 computer systems require security measures to protect personally identifiable information, has not encrypted most of its laptops, rarely encrypts personal information transported or stored offsite, doesn’t have sufficient security for remote users, and doesn’t track and destroy copies made of personal information, according to the report (PDF) from IG Richard Skinner.

“Until adequate encryption mechanisms have been implemented, there is increased risk that sensitive data or [personally identifiable information] may be compromised through the loss or theft of laptopcomputers and mobile computing devices,” the report said.

The IG is also concerned that the department has not followed OMB guidelines for protecting systems that can be accessed by remote users. In their interviews with officials at component agencies, the IG’s office found that their efforts to improve remote access and storage controls were hindered by “uncertainty regarding the applicability and scope of the OMB recommendations and new DHS requirements.”

The IG recommends that the department’s chief information officer identify those gray areas and provide additional guidance. — Federal Computer Week

Computer security has been a long-standing challenge for the Department of Homeland Security, one it has yet to meet.

A previous Inspector General’s report found last October that DHS hasn’t sufficiently been able to ensure the computer security of its systems generally. For example, computers could be improperly secured and nobody would know because the security paperwork had in many cases been fudged.

In this case, though, it’s your personal information not being encrypted, not well secured, and vulnerable to the next hacker or identity thief.

Posted by Nodrog at 3:07 PM
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)