US federal agencies have over the past five years experienced a 650 percent increase in malware infections and other security incidents.
Figures reported to the US Government Accountability Office (GAO) state that there were 41,776 security incidents in 2010 – such as virus and worm outbreaks, unauthorised access, and denial of service – compared to just 5,503 in 2006.
The GAO audits uncovered government-wide weaknesses in information security controls that increased risk to IT systems.
Assessments conducted last year found each of the 24 major US federal agencies had deficient access controls and problems in configuration and security management.
“Weakness in [agencies'] information security policies and practices compromised their efforts to protect against threats,” the report said.
Most of the hundreds of security improvement recommendations made by GAO to agencies over the last two years were not implemented.
The US Internal Revenue Service (IRS) had not sufficiently restricted employee access to databases, or remediated many other previously reported security issues, the office said.
“As a result, financial and taxpayer information remain unnecessarily vulnerable to insider threats and at increased risk of unauthorised disclosure, modification or destruction.”
And the IRS isn't alone.
The GAO report slammed the US Federal Deposit Insurance Corp. and the US National Archives and Records Administration.
None of the 24 agencies fully implemented an agency-wide information security program required by the US Federal Information Security Management Act (FISMA).
Despite the grim report card, the GAO noted that some progress has been made. It pointed to the CyberScope tool and risk metrics administered by the White House Office of Management and Budget that were used to encourage agencies to improve information security.
This article originally appeared at scmagazineus.com