Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

isn logo Information Security News mailing list archives

GAO: Many Federal Agencies Still Don't Meet Security Standards
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 22 Jul 2009 01:45:31 -0500 (CDT)
http://www.darkreading.com/insiderthreat/security/government/showArticle.jhtml?articleID=218501432

By Tim Wilson
DarkReading
July 20, 2009

Virtually all of the U.S. federal government's key civilian agencies are 
still falling short of the security marks they have been asked to meet, 
according to the Government Accountability Office (GAO).

In a report (PDF) issued earlier today, the GAO says of the 24 agencies 
reviewed, almost all had deficiencies in security controls and 
management, "leaving them vulnerable to attack or compromise." The GAO 
says it has made "hundreds" of recommendations to the agencies, yet many 
have not been addressed.

During the past three years, the number of incidents reported by federal 
agencies to U.S.-CERT has increased by almost 200 percent -- from 5,503 
in 2006 to 16,843 in 2008, according to the report. More than one-third 
of the incidents are still under investigation, and the sources of the 
compromises are not yet known.

Of the incidents in which the sources are known, approximately 22 
percent were caused by improper use of computers by authorized users, 
the report states. Eighteen percent of the compromises were caused by 
unauthorized access, and 14 percent were caused by malicious code. About 
12 percent of the breaches were caused by scans, probes, or attempted 
access by external attackers, the report says.

Of the 24 agencies reviewed, 13 reported "significant deficiencies" in 
information security, the GAO says. Seven agencies reported "material 
weaknesses" that still have not been repaired. Only four agencies 
reported "no significant weakness," the report states.

[...]


_______________________________________________      
Attend Black Hat USA, July 25-30 in Las Vegas, 
the world's premier technical event for ICT security experts.
Network with 4,000+ delegates from 50 nations.  
Visit product displays by 30 top sponsors in 
a relaxed setting. http://www.blackhat.com

  By Date           By Thread  

Current thread:
  • GAO: Many Federal Agencies Still Don't Meet Security Standards InfoSec News (Jul 21)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]