The Veterans Affairs Department expects the technical applications that are the foundation of its information security will be in place during the next fiscal year, said Robert Howard, VA’s chief information officer. Improving policies and procedures are a continuous process.
In the past few weeks, VA has awarded contracts that will let it perform port monitoring and use rights-management software to secure e-mail attachments, Howard told lawmakers today.
“We expect to see dramatic improvement in 2008,” he said at a hearing of the House Veterans Affairs Committee. VA provided similar testimony before the Senate committee last week.
The department is implementing information security in a comprehensive strategy instead of piecemeal at the same time it is reorganizing its information technology environment under a centralized IT approach, he said. VA plans to complete the reorganization in July 2008. Earlier this year, VA moved authority over 6,000 IT employees to the department CIO’s office from VA’s health, benefits and cemetery administrations.
The Government Accountability Office, however, said VA has lagged in its reorganization and the management processes needed to make that change occur. VA does not have a schedule of when it will complete milestones for the IT reorganization or a way to measure them, said Valerie Melvin, director of GAO’s workforce and management information systems issues.
VA may not complete its IT reorganization by next summer as planned because it has not put in place the management processes that support it and has not yet hired all the managers it needs to oversee it, she said. Although the department has gotten support from top executives and established a governance structure to manage resources, VA continues to operate without a single, dedicated implementation team to oversee the realignment, Melvin said.
“Unless VA dedicates a team to oversee the further implementation of the realignment — including defining and establishing the processes that will enable the department to address its IT management weaknesses — it risks delaying or missing the potential benefits of the realignment,” she told lawmakers. The department has tested only two of the planned 36 management processes.
Similarly, VA has implemented only four of GAO’s 26 prior IT security recommendations.
Digg
De.licio.us
Slashdot
Technorati
