Search FCW

Advanced Search
Subscribe Now!
Table of Contents
Sprint
Business
BPM
CXOs
Columns
Columnists
Defense
E-Government
Elections 2008
Enterprise Architecture
Funding
Homeland Security
Health IT
IPv6
LOB
Management
Procurement
Privacy
Policy
Program Management
State and Local
Security
Technology
Telework
Training and Certification
Workforce

More Topics
resourcecenter
Home
Letters to the Editor
Current Issue/Download
Print/Online Archives
Editorial Calendar
researchstore
resourcecenter
Communications for Continuity Operations

Oracle Resource Center
NEW! Transforming Data Center
Managed Services
Service Oriented Architecture
Training & Simulation
Networking Communications
Security Directives and Compliance
Data Center Virtualization
Air Force ELSG Contract Guide

More >>



Latest News
ADVERTISEMENT




 

DHS needs to wrap up effort to protect personal data, IG says

By Wade-Hahn Chan
Published on February 21, 2007

Comment

Click here to comment on this article

Related story links

DHS’s Implementation of Protective Measures for Personally Identifiable Information

Data loss gets personal

Subcommittee will examine information privacy, security

2006: A year of public humiliation for the VA

Newsletters

You might also be interested in these FCW newsletters:

Daily

To learn more, click here.

The Homeland Security Department still must do a lot of work to ensure the security of sensitive and personally identifiable information that is stored on its systems, according to the DHS inspector general.

DHS officials are working on the problem, falling in line with guidelines issued by the Office of Management and Budget on security controls, according to a memorandum from IG Richard Skinner. They have updated DHS policies and procedures to reflect OMB's recommendations, and they have begun the process of identifying and protecting systems that store sensitive data.

But they have a long way to go, the memo states. The IG is especially concerned about mobile devices. For example, 12 of 16 component agencies in DHS have yet to encrypt sensitive information on their laptops and other mobile computing devices.

Agency officials say they are running into problems with hardware limitations, insufficient software licenses and incomplete inventories, according to the memo, but they say they are making progress.

“Until adequate encryption mechanisms have been implemented, there is increased risk that sensitive data or [personally identifiable information] may be compromised through the loss or theft of laptop computers and mobile computing devices,” the IG stated.

The IG is also concerned that the department has not followed OMB guidelines for protecting systems that can be accessed by remote users. In their interviews with officials at component agencies, the IG's office found that their efforts to improve remote access and storage controls were hindered by “uncertainty regarding the applicability and scope of the OMB recommendations and new DHS requirements.”

The IG recommends that the department's chief information officer identify those gray areas and provide additional guidance.

The IG also recommends:

  •  The chief privacy officer should ensure that the department wraps up the inventory of affected systems.
  •  The CIO should ensure that DHS agencies encrypt all personal data stored on laptop computers and mobile devices, as well as data transported and stored at alternate facilities.
  •  The CIO should also improve the security of electronic copies or extracts of personal data. Such data should be erased within 90 days if no longer required.

upcoming event

Green Computing Summit, Ronald Reagan Building, Washington, DC
December 2 - December 3, 2008

Trusted Internet Connection and the Comprehensive National Cyber Security Initiative, The Willard Intercontinental Hotel, Washington, DC
December 4, 2008


 

head
fcw
issue
First Name State
Last Name Zip
Title Email
     

Home | About | Contact | Customer Help | Privacy Policy | Editorial Info | Advertise | Link policy / Reprints | Site Map


1105 Media, Inc.

© 1996-2008 1105 Media, Inc. All Rights Reserved.