IG audit reveals own laptop security lapses

The Homeland Security Department's shortcomings in information security extend to its own Office of the Inspector General, according to a new report.

The inspector general's office ? which frequently criticizes the department for IT security lapses ? is not doing a good job in securing sensitive data on the office's own laptop computers, according to the audit performed by Frank W. Deffer, assistant inspector general for information technology. A redacted version was posted on the office's Web Site.

Based on testing of 94 laptop computers, it was found that the office has failed to implement required security settings on its sensitive but unclassified and classified laptops, according to the report. In addition, there are no effective procedures to patch in computers that are not regularly used, to maintain an accurate inventory, to clear sensitive data from old laptops prior to reuse and to apply appropriate classification labels.

"Significant work remains for the Office of the Inspector General to further strengthen the configuration, patch and inventory management controls necessary to protect its government-issued laptop computers," the executive summary of the report stated.

To repair the problems, the office must remedy existing vulnerabilities, establish new procedures, implement an inventory system, sanitize computers and develop a risk assessment, among other steps.

About the Author

Alice Lipowicz is a staff writer covering government 2.0, homeland security and other IT policies for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above.

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here

Washington Technology Daily

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.


contracts DB