Documenting procedures for the State Department's custom-made, continuous-monitoring tool known as iPost will help ensure that the data collected are appropriately used to protect the agency's global IT system, a GAO audit says.
The updated FFIEC Guidance on Authentication in an Internet Banking Environment, released in June, set a new standard for online banking security. The guidance calls for a layered security approach and stronger more effective authentication techniques, including replacing challenge questions based on shared secrets...
"The lack of individual accountability over user accounts provides ample opportunities to conceal malicious activity such as theft or misuse of veteran data," VA Assistant Inspector General Belinda Finn says.
DOD's ability to develop an overarching budget estimate for full-spectrum, cyberspace operations has been challenged by the absence of clear, agreed-upon departmentwide budget definitions, GAO auditors tell the House Armed Services Committee.
Though America remains dominant on land, sea and air, technical and economic barriers to gain entry in cyberspace are much lower for adversaries, and as a result, place the United States' networks at great risk, GAO says.
In the wake of devastating cyber attacks and fraud losses to banking institutions and customers, the FFIEC has issued its first online authentication guidance since 2005. Banking regulators will begin assessing institutions by this new guidance in 2012, so it's imperative to attend this session and gain expert insight...
As banking institutions seek tremendous cost savings from cloud infrastructure and services, two key factors must be considered: The Patriot Act, which has strict stipulations regarding access to data and where it is stored, and the protection of data -- even from third party service providers.
"Our ability to provide immediate response to vulnerabilities and threats ... is quickly establishing VA as a model of excellence for the rest of the federal government."
VA CIO Roger Baker says in testimony before a House panel.
Tips for Preventing Fraud and Complying With FFIEC Guidance
The onslaught of ACH/wire fraud incidents confirms what the researchers have long said: We're in a new wave of malicious code. This new wave is run by organized crime, and it's focused on one objective: Stealing personally identifiable information and...
The non-standardized collection device is responsible for 13 percent of the biometric records maintained by DOD, representing some 630,000 DoD records that cannot be searched automatically against FBI's database of about 94 million records.
Government agencies continue to see growing cybersecurity challenges. Software Security Assurance (SSA) is a new approach entities are taking to improve security measures in their organizations. A critical component of SSA are threat assessments, which involve accurately identifying and characterizing potential...
"Without improvements, the weaknesses identified may limit program and site-level officials' ability to make informed risk-based decisions that support the protection of classified information and the systems on which it resides," says Rickey R. Hass, deputy inspector general for audits and inspections.
Attackers could leverage vulnerabilities to gain control of air traffic control systems, with intruders using unprotected computers to compromise other systems that depend on the same network, a Transportation Department audit reveals.
The Social Security Administration sold the information in a database of deceased individuals that erroneous contained the Social Security numbers, dates of birth, full names and ZIP codes of living people, the inspector general reports.