Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program Page: 18 of 36
This report is part of the collection entitled: Government Accountability Office Reports and was provided to UNT Digital Library by the UNT Libraries Government Documents Department.
Table 1 indicates with an "X" where we found weaknesses in selected
components' information security practices and controls.

Table 1: Weaknesses in DHS Selected Components' Information Security Practices and Controls
Columns: DHS system; DHS component; Risk assessment; Security plan; Security test and evaluation; Remedial action plans; Continuity of operations
Major application US-VISIT n/a X(a) n/a n/a n/a
Major application ICE X X X
Major application TSA X X X
General support system ICE X X X
General support system TSA X X X X
General support system EP&R X X X X
Source: GAO analysis of information security documentation for United States and Immigrant Status Indicator Technology (US-VISIT),
Immigration and Customs Enforcement (ICE), Transportation Security Administration (TSA), and Emergency Preparedness and
Response (EP&R) systems.
(a) For each system, we obtained and reviewed all documentation contained in the certification and
accreditation package - with the exception of US-VISIT - in this case, we reviewed only the security
plan.

Risk Assessments
Identifying and assessing information security risks are essential steps in
determining what controls are required and what level of resources should
be expended on controls. Moreover, by increasing awareness of risks, these
assessments generate support for the policies and controls that have been
adopted, which helps ensure that these policies and controls operate as
intended. FISMA requires agencies' information security programs to
include periodic assessments of the risk and magnitude of the harm that
could result from the unauthorized access, use, disclosure, disruption,
modification, or destruction of information and information systems that
support the operations and assets of the agency.
Risk assessments for three of the five systems were not complete. For
example, two general support systems - one at Transportation Security
Administration and one at Immigration and Customs Enforcement - had
risk assessment reports that were in draft and incomplete. In addition to
the weaknesses we identified, the OIG, as part of its fiscal year 2004 FISMA
evaluation, identified that risk assessments for selected DHS systems that
they reviewed were not current. Unless DHS performs periodic risk
assessments of its information systems, it will not have assurance that

GAO-05-700 DHS Information Security
Page 14
United States. Government Accountability Office. Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program, report, June 17, 2005; Washington D.C.. (https://digital.library.unt.edu/ark:/67531/metadc295505/m1/18/: accessed March 18, 2024), University of North Texas Libraries, UNT Digital Library, https://digital.library.unt.edu; crediting UNT Libraries Government Documents Department.