[Infowarrior] - DHS isn ¹ t protecting your personal information
Richard Forno
rforno at infowarrior.org
Thu Feb 22 20:46:49 EST 2007
DHS isn¹t protecting your personal information
By Michael Hampton
Posted: February 22, 2007 1:47 pm
http://www.homelandstupidity.us/2007/02/22/dhs-isnt-protecting-your-personal
-information/
The Department of Homeland Security isn¹t sufficiently protecting personally
identifiable information on its computer systems, though it is making
progress, according to an inspector general¹s report.
DHS is still trying to determine which of its 699 computer systems require
security measures to protect personally identifiable information, has not
encrypted most of its laptops, rarely encrypts personal information
transported or stored offsite, doesn¹t have sufficient security for remote
users, and doesn¹t track and destroy copies made of personal information,
according to the report (PDF) from IG Richard Skinner.
³Until adequate encryption mechanisms have been implemented, there is
increased risk that sensitive data or [personally identifiable information]
may be compromised through the loss or theft of laptop computers and mobile
computing devices,² the report said.
The IG is also concerned that the department has not followed OMB
guidelines for protecting systems that can be accessed by remote users. In
their interviews with officials at component agencies, the IG¹s office found
that their efforts to improve remote access and storage controls were
hindered by ³uncertainty regarding the applicability and scope of the OMB
recommendations and new DHS requirements.²
The IG recommends that the department¹s chief information officer
identify those gray areas and provide additional guidance. Federal
Computer Week
Computer security has been a long-standing challenge for the Department of
Homeland Security, one it has yet to meet.
A previous Inspector General¹s report found last October that DHS hasn¹t
sufficiently been able to ensure the computer security of its systems
generally. For example, computers could be improperly secured and nobody
would know because the security paperwork had in many cases been fudged.
In this case, though, it¹s your personal information not being encrypted,
not well secured, and vulnerable to the next hacker or identity thief.
Comments RSS -
More information about the Infowarrior
mailing list