http://www.nextgov.com/cybersecurity/2013/06/ig-dhs-does-not-track-security-training-system-administrator-contractors/64976/
By Aliya Sternstein
Nextgov
June 17, 2013
The Homeland Security Department does not keep tabs on whether contractors
that monitor vulnerabilities on federal networks have undergone training,
according to a new inspector general audit.
These private sector system administrators support CyberScope, a central
reservoir for incoming streams of data summarizing every federal agency's
computer security posture. The composite view of threat-levels is intended
to help Homeland Security leaders manage cyber risks governmentwide. The
account of an inadequate security training program for system
administrator contractors at DHS follows the alleged breach of top secret
files by a system administrator contractor at the National Security
Agency.
Homeland Security does not maintain records on who has taken security
awareness and specialized information technology training; nor does the
department ensure that all training requirements have been completed,
according to auditors.
"CyberScope contractors may not have received the appropriate skills or
knowledge to properly administer and secure the systems against potential
cyber threats," Frank Deffer, assistant inspector general for the office
of IT audits, wrote in the report.
[...]
_______________________________________________
ISN mailing list
[email protected]
http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org
