[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] NASA info security controls are broken, GAO concludes

To: isn@xxxxxxxxxxxxxxx
Subject: [ISN] NASA info security controls are broken, GAO concludes
From: InfoSec News <alerts@xxxxxxxxxxxxxxx>
Date: Mon, 19 Oct 2009 01:47:16 -0500 (CDT)
Delivered-to: isn@xxxxxxxxxxxxxxx
List-archive: <http://www.infosecnews.org/pipermail/isn>
List-help: <mailto:isn-request@infosecnews.org?subject=help>
List-id: InfoSec News <isn.infosecnews.org>
List-post: <mailto:isn@infosecnews.org>
List-subscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=subscribe>
List-unsubscribe: <http://www.infosecnews.org/mailman/listinfo/isn>, <mailto:isn-request@infosecnews.org?subject=unsubscribe>
Organization: InfoSec News - http://www.infosecnews.org/
Sender: isn-bounces@xxxxxxxxxxxxxxx

http://gcn.com/articles/2009/10/16/nasa-info-security-controls-broken.aspx

By William Jackson
GCN.com
Oct 16, 2009

Key information technology systems at NASA have weaknesses in several 
critical areas that could lead to those systems being compromised, 
according to the Government Accountability Office.

Although controls are being implemented as part of a risk-based 
information security program, required under the Federal Information 
Security Management Act, controls were not always adequate or 
consistently enforced, resulting in security gaps in physical and 
logical perimeters and leaving vulnerabilities in networks and systems.

"A key reason for these weaknesses was that NASA had not yet fully 
implemented key elements of its information security program," GAO said 
in its report [1], NASA Needs to Remedy Vulnerabilities in Key Networks. 
"As a result, highly sensitive personal, scientific, and other data were 
at an increased risk of unauthorized use, modification, or disclosure."

The space agency agreed with GAO's recommendations for strengthening and 
completely implementing security controls.

[1] http://www.gao.gov/new.items/d104.pdf

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org

Prev by Date: [ISN] Ex-Ford Engineer Indicted For Allegedly Stealing Company Secrets
Next by Date: [ISN] Botnet Unleashes Variety Of New Phishing Attacks
Previous by thread: [ISN] Ex-Ford Engineer Indicted For Allegedly Stealing Company Secrets
Next by thread: [ISN] Botnet Unleashes Variety Of New Phishing Attacks
Index(es):
- Date
- Thread