FedCFO Search Engine

@FedCFO Twitter Feed

Tuesday, July 24, 2007

Security weaknesses jeopardize DHS financial data

Continued weaknesses in IT controls at the Homeland Security Department are threatening efforts to maintain the integrity of financial data within the department, according to a new report released by the department’s Inspector General Richard L. Skinner.

The 154-page Information Technology Management Letter for the fiscal 2006 DHS Financial Statement Audit is a redacted version of an audit of IT control systems in the financial processing environment at DHS.

The weaknesses include “excessive access” to key DHS financial applications, incorrect configurations for security controls for key DHS financial applications and support systems and problems with processes in place for making changes to financial applications. Those change control processes were judged to be inappropriate, ineffective, not fully defined or not followed.

The audit also found numerous other problems, including instances of missing and weak passwords, background checks for contractors not being conducted at three DHS components and work stations configured without security patches.

Still other problems were a lack of IT system security certifications and accreditations, informal procedures and lack of documentation for changes made to financial systems and instances of incompatible functions that led to overrides of IT systems.

DHS Chief Information Officer Scott Charbo and Chief Financial Officer David Norquist agreed with the findings and recommendations, the report states.

- Alice Lipowicz, WashingtonTechnology.com


No comments: