According to a recent report by the Office of the Inspector General, the Department of Homeland Security still has a lot of work to do when it comes to the agency’s cyber security posture.

The audit report published on September 4, 2015, highlights two specific OIG recommendations that remain unresolved.

Number 1: Individuals with major security responsibilities have yet to receive “annual specialized security training.”

The OIG stated that when the mandatory training is not provided, components cannot guarantee that their personnel with major security responsibilities have the appropriate skills and knowledge to properly manage and secure systems against potential attacks.

The DHS acknowledged its lack of training and said that by November 30, 2015, it would “leverage any/all applicable Virtual University training opportunities related to information systems security.”

Number 2: The report identified a variety of vulnerabilities on internal websites, stating they could allow “unauthorized individuals to gain access to sensitive data.”

Among the few flaws found within the internal websites were cross-frame scripting vulnerabilities, which could potentially be used to mislead an authentic user into turning over sensitive information, and structured query language (SQL) injection vulnerabilities, which could lead to the alteration of support infrastructure.

Even worse, the United States Immigration and Customs Enforcement (ICE), which is part of the DHS, confirmed it does not use a vulnerability assessment tool to scan its websites.

Although the OIG acknowledged that the DHS has strengthened its performance in cyber missions, it appears there is still a lot of work to be done to strengthen its cyber security environment.

Security best practices have been developed for a reason, and the unfortunate reality is that these breaches will continue to happen without the best security practices and solutions in place. With NNT’s Change Tracker Gen7, you’ll be equipped with solutions like File Integrity Monitoring and Change & Configuration Management to help protect your cyber security environment from a potential hack or breach.

Read the full OIG Audit Report

Read the full article on SC Magazine