US audit finds weak infosec practices in government


By Dylan Bushell-Embling
Tuesday, 06 October, 2015


US audit finds weak infosec practices in government

The US Government Accountability Office has found “persistent weaknesses” in the way 24 federal government agencies are approaching information security.

An audit by the office found fault with the way the US agencies are applying security policies and practices.

The office identified weakness in areas including limiting and detecting inappropriate access to computer resources, managing hardware and software configuration, and segregating duties to prevent a single person having control over all key aspects of an IT-based operation.

Other problem areas include continuity planning, security risk management and the implementation of agency-wide security management programs.

“These deficiencies place critical information and information systems used to support the operations, assets, and personnel of federal agencies at risk, and can impair agencies’ efforts to fully implement effective information security programs,” the report states.

“In prior reports, GAO and inspectors general have made hundreds of recommendations to agencies to address deficiencies in their information security controls and weaknesses in their programs, but many of these recommendations remain unimplemented.”

The report finds that the US Government has had only “mixed” success in meeting federal legislative requirements for information security.

It recommends that the Office of Management and Budget should work with the Department of Homeland Security to develop a consistent and comparable set of ratings for agency security performance for inspection purposes.

Image courtesy of lungstruck under CC

Related Articles

Harnessing observability to secure Australia's critical infrastructure

Observability will play a strategic role in fostering digital resilience and innovation in...

Securing major events takes over a decade of strategising

Eight years out from Brisbane 2032, there are two remaining 'live' opportunities for...

The need to cap the ATO's access to personal data

It's time the ATO leveraged technology for a fairer tax ecosystem.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd