
Audit raises cyber security questions for the VA

  • Posted on: July 9, 2013
  • Posted in: Cloud Computing, Current News, Cybercrime, Privacy & Policy
  • Posted by: Trend Micro

The U.S. Department of Veterans Affairs stores and handles a large amount of sensitive information on veterans and their families every day, so the results of a recent report by the department's Office of Inspector General are not a welcome sign. According to the audit, VA is lacking in cyber security disciplines where one would expect administrators to be much better, such as identity management and configuration management.

"VA has made progress developing policies and procedures but still faces challenges implementing components of its agency wide information security risk management program to meet FISMA requirements," according to the audit. "While some improvements were noted, FISMA audits continued to identify significant deficiencies related to access controls, configuration management controls, continuous monitoring controls, and service continuity practices designed to protect mission-critical systems."

The report said the weaknesses in access and configuration management resulted from the agency not having comprehensive control over all servers and network devices. There are flimsy procedures in place to identify and remediate security vulnerabilities across the system and its proliferating network devices, the audit said. Linda Halliday, assistant inspector general for audits and evaluations, recommended that the current acting assistant secretary for information and technology implement new measures to mitigate these vulnerabilities.

Specifically, VA needs to secure web-based services that might allow hackers or malicious users access to VA systems. There are also areas of the VA IT system holding critical information that could be accessed by unauthorized parties, the audit said. Weak passwords and unnecessary system privileges granted to users must also be fixed, and multifactor authentication for remote access, which VA does not yet use, must be implemented. All in all, there were 32 recommendations made to VA, with two of these being addressed by the end of fiscal year 2012.

Technology reporter Robert Strohmeyer wrote on InformationWeek that businesses and government agencies should adopt widely ignored security best practices as a preventative measure against any attacks that may occur. One key step that many do not take is training users in best practices; one study pointed out that 77 percent of companies offer no regular training to users. Other cyber security measures that business and government alike should consider include encryption of cloud data, use of encryption keys and a meticulous plan for what to do in case there is a breach.

Security News from SimplySecurity.com by Trend Micro.
