[ISN] IG: DHS Does Not Track Security Training of System Administrator Contractors

http://www.nextgov.com/cybersecurity/2013/06/ig-dhs-does-not-track-security-training-system-administrator-contractors/64976/ By Aliya Sternstein Nextgov June 17, 2013 The Homeland Security Department does not keep tabs on whether contractors that monitor vulnerabilities on federal networks have undergone training, according to a new inspector general audit. These private sector system administrators support CyberScope, a central reservoir for incoming streams of data summarizing every federal agency’s computer security posture. The composite view of threat-levels is intended to help Homeland Security leaders manage cyber risks governmentwide. The account of an inadequate security training program for system administrator contractors at DHS follows the alleged breach of top secret files by a system administrator contractor at the National Security Agency. Homeland Security does not maintain records on who has taken security awareness and specialized information technology training; nor does the department ensure that all training requirements have been completed, according to auditors. “CyberScope contractors may not have received the appropriate skills or knowledge to properly administer and secure the systems against potential cyber threats,” Frank Deffer, assistant inspector general for the office of IT audits, wrote in the report. […] _______________________________________________ ISN mailing list ISN@lists.infosecnews.org http://lists.infosecnews.org/mailman/listinfo/isn_lists.infosecnews.org