US audit finds weak infosec practices in government


By Dylan Bushell-Embling
Tuesday, 06 October, 2015


US audit finds weak infosec practices in government

The US Government Accountability Office has found “persistent weaknesses” in the way 24 federal government agencies are approaching information security.

An audit by the office found fault with the way the US agencies are applying security policies and practices.

The office identified weakness in areas including limiting and detecting inappropriate access to computer resources, managing hardware and software configuration, and segregating duties to prevent a single person having control over all key aspects of an IT-based operation.

Other problem areas include continuity planning, security risk management and the implementation of agency-wide security management programs.

“These deficiencies place critical information and information systems used to support the operations, assets, and personnel of federal agencies at risk, and can impair agencies’ efforts to fully implement effective information security programs,” the report states.

“In prior reports, GAO and inspectors general have made hundreds of recommendations to agencies to address deficiencies in their information security controls and weaknesses in their programs, but many of these recommendations remain unimplemented.”

The report finds that the US Government has had only “mixed” success in meeting federal legislative requirements for information security.

It recommends that the Office of Management and Budget should work with the Department of Homeland Security to develop a consistent and comparable set of ratings for agency security performance for inspection purposes.

Image courtesy of lungstruck under CC

Related Articles

Building secure AI: a critical guardrail for Australian policymakers

While AI has the potential to significantly enhance Australia's national security, economic...

Building security‍-‍centric AI: why it is key to the government's AI ambitions

As government agencies test the waters of AI, public sector leaders must consider how they can...

State government agencies still struggling with securing user access

Audit reports have shown that Australian government agencies in four states experience challenges...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd