Problems with agency IT security are again under the spotlight, with reports from both Australia and the US highlighting widespread problems with compliance. The recent Australian National Audit Office (ANAO) report exposing serious inadequacies in the security of key government agencies gels nicely with a new federal information security analysis from the US highlighting the vulnerability of civilian government agencies there.
Special Minister of State Gary Nairn has expressed disappointment at the findings of the ANAO report, which found key government agencies faced risks to the confidentiality, integrity and availability of government information, data and systems.
The report criticized six key agencies for their failure to comply with the Protective Security Manual (PSM) and ACSI 33 and urged agencies to document how they balanced risks against potential benefits when introducing new technologies like wireless and voice technologies. And it noted that agencies needed to lift their game in areas like e-mail filtering. All agencies audited could improve performance in one or more aspects of managing Internet security, such as the development of system security plans, it found.
The ANAO also found that while several of the six agencies had initiated development of business continuity and disaster recovery plans for their Internet services, only one had sound plans in place. Two other agencies were largely reliant on the knowledge of key staff and had few documented procedures; some agencies produced documents only in draft form and some plans had not been regularly reviewed.
"Lack of appropriate business continuity and disaster recovery planning can increase the time taken to recover information after interruptions to an agency's computer system, and lead to agencies being unable to recover critical Internet services quickly, contributing to a failure to deliver services to the community," the report says.
Included amongst compliance failings was the fact that agencies lacked "systematic and coordinated program for the ongoing management of ICT security-related risk assessments." And the ANAO found agencies had made no link between security policies and system security plans and their ICT risk assessments.
Failure to adhere to the requirements of the PSM and ACSI 33 heightened the risk of for agency information to be compromised, affecting the agencies' ability to provide services, the reported noted.
The agencies were Customs, Australian Federal Police, Australian Radiation Protection and Nuclear Safety Agency, Department of Employment and Workplace relations, Department of Industry, Tourism and Resources, and Medicare.
Meanwhile a report from government business consultants INPUT finds US CIOs and CISOs in civilian federal government agencies are not, on the whole, failing to adhere to policies and standards due to a lack of availability. Rather, it faults the decentralization of IT departments within federal agencies. INPUT says decentralization dilutes a CIO's ability to effectively manage and oversee configuration management across the department.
"CIO/CISOs face many challenges in developing, implementing, and enforcing standard device configurations across a federal department. They have generally lacked department-wide management and implementation authority for IT and information security programs because they lack input and decision making ability at the executive program level. Some of these challenges must be addressed at the executive level of the federal government and involve the overall architecture and ownership of federal government networks," INPUT says.
The report also found a failure to standardize configurations for all network devices has left US Federal civilian agencies at a high level of risk for security breaches. INPUT predicts agency moves to develop consistent and unified security configurations will create numerous opportunities for technology vendors with strong configuration and patch management capabilities and offerings.
"A sound configuration management process requires enforcement of policies along with the development and implementation of new business processes and technologies," Bruce Brody, vice president, information security at INPUT says. "The steps for developing and maintaining a configuration management plan are configuration and policy development, configuration migration, and patch management."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from CIO and leading technology partners.- White PaperWhat you don’t know can destroy your business. It’s hard to imagine modern business without the internet but in the last few years it has become fraught with danger. Read on to discover how internet security can give your business a competitive advantage.
- White PaperYour organisation may well have devised and implemented an Acceptable Use Policy (AUP) some time ago in order to guard against the risks of inappropriate use of computer systems by your workers, but are you confident that your AUP remains 'fit for purpose'? Read on to discover how you can enhance the effectiveness of your AUP.
- White PaperJoin Ed Thompson, Research VP, featured analyst firm, Gartner, Inc., and Brad Wilson, General Manager CRM Microsoft Dynamics, for a new webcast, Delivering the Power of Choice with Microsoft Dynamics CRM, available now. Our panel will break down the best practices for getting the most out of CRM and you'll learn key recommendations you can implement in your organization. Additionally, you'll also hear Microsoft's vision for CRM.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
CIO Live Podcast #79: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires Part II 05 October, 2007 06:00:00
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #78: Brent D Taylor, author of The Outsider's Edge: The Making of Self-Made Billionaires 28 September, 2007 17:34:25
For his new book, The Outsider's Edge: The Making of Self-Made Billionaires, social researcher Brent D Taylor spent four years of intensive research investigating the psychological make-up and backgrounds of some of the world's richest men and women, including IT luminaries Bill Gates, Larry Ellison and Steve Jobs. Taylor discovered that, despite working in different industries and coming from different upbringings, they all have one thing in common -- they are all outsiders. - +
CIO Live Podcast #77: Panasonic Speeds Up Trans-Pacific File Transfers, Part III 21 September, 2007 07:00:00
Part three in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #76: Panasonic Speeds Up Trans-Pacific File Transfers, Part II 14 September, 2007 07:00:00
Part two in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance. - +
CIO Live Podcast #75: Panasonic Speeds Up Trans-Pacific File Transfers, Part I 07 September, 2007 07:00:05
Part one in our three-part special report from CIO's sister publication Network World in the US, as Paul Desmond reports from the Network World IT Roadmap Conference in Santa Clara, California. With development teams in the US and Japan, Panasonic needed a more efficient way to move very large files between the two locations. Iben Rodriguez, IT consultant for Panasonic Research and Development, explains how a storage-area network and virtual server technology helped speed up WAN performance.
- +
TJX Maxx hacker banged up for 30 years 09 January, 2009 11:26:00
Key figure in the infamous TJX Maxx Wi-Fi hack of 2005 has been sentenced to 30-years in prison by a Turkish court.Maksym Yastremskiy, the Ukrainian accused of being a key figure in the infamous TJX Maxx Wi-Fi hack of 2005, has been sentenced to 30-years in prison by a Turkish court. - +
Data breaches rose sharply in 2008, says study 08 January, 2009 08:27:00
More than 35 million data records were breached in 2008, according to the Identity Theft Resource Center.More than 35 million data records were breached in 2008 in the U.S., a figure that underscores continuing difficulties in securing information, according to the Identity Theft Resource Center (ITRC). - +
Rogue SSL certificate exploit puts VeriSign on the spot 07 January, 2009 11:04:00
Wishes "white hat" researchers had notified VeriSign before public demo.Following the success of researchers last week in creating a false SSL certificate based on VeriSign's RapidSSL brand, the company is scrambling to explain how it happened, how it's preventing it from reoccurring, and whether its other SSL certificate-generation services are at risk. - +
With Gaza conflict, cyberattacks come too 05 January, 2009 08:03:00
Pro-Palestinian hackers have defaced thousands of sites following attacks in Gaza.The conflict raging in Gaza between Israel and Palestine has spilled over to the Internet. - +
5 ways to secure your Blackberry 18 December, 2008 12:58:00
What do Tom Cruise and the McCain campaign have in common? They have both been bitten by the loss of a Blackberry. Mobile expert Dan Hoffman gives advice on how to keep your cherished mobile device safe, even if it's out of your handsWhat do Tom Cruise and the McCain campaign have in common? They have both been bitten by the loss of a Blackberry. Mobile expert Dan Hoffman gives advice on how to keep your cherished mobile device safe, even if it's out of your hands.
Research software developer appoints Susan Dart to new Business Development Director role 08 January, 2009 09:08:00
Research software developer appoints Susan Dart to new Business Development Director role 08 January, 2009 09:08:00
Anyware Introduce Two Powerful PCI TV Tuner Cards with S5 Power Up and Windows Media Center Remote 07 January, 2009 17:30:00
Fortinet Cures Mobile Phone “Curse of Silence/CurseSMS” Attack 07 January, 2009 16:30:00
SEAGATE SHIPS DESKTOP HARD DRIVE WITH WORLD’S HIGHEST AREAL DENSITY – 500GB PER DISK 06 January, 2009 15:34:00
|
||
|
||
|
|
||
|
Business Intelligence and Enterprise Performance Management: Trends for Emerging Businesses
Hyperion surveyed 163 companies to understand BI and EPM requirements, evaluation processes, and extent of adoption. Top areas of current and future investment for emerging businesses include budgeting and planning as well as management reporting solutions. Read on to discover more.
