The Senate has responded by calling for a security audit of its systems.
FORBES: Testing The Limits, LulzSec Takes Down CIA's Website
The company recently agreed to an outside security audit after it was revealed that anyone could access a Hotmail account without knowing the user's password.
Free versions of security audit software exist, but they tend to find so many false positives, or problems that turn out to be nothing, that developers stop using these tools.
Although fraud prevention mechanisms, such as the Ethics Helpline and Office of the Ombudsman, led Corporate Security and Internal Audit groups to investigate reports about certain arrestees, they did not appear to run joint investigations or develop a corrective actions approach.
She also said NARA was addressing a list of 29 security points recommended in an audit, and had doubled its security staff.
Moreover, he said that only two of the 29 security recommendations from his audit had actually been implemented.
In the process of evaluating their current IAM processes, many organizations have realized that the traditional IT-centric approaches they have implemented for Identity and Access Management have not only been both costly and ineffective, they have left them vulnerable to security breaches and failed audit reviews.
FORBES: Recent IT Security Breaches Make Enterprises Review Their IAM Strategies
According to Goldsmith, in November of 2003, the National Security Agency wanted to conduct an audit of its surveillance program.
Operator Verizon says the scam came to light after the US firm asked it for an audit, suspecting a security breach.
For example, there are 189 ISO standards for information security, our National Institute of Standards and Technology ( NIST) has produced a full set of world-class materials on information security, and the Information Systems Audit and Control Association ( ISACA) has developed its best practices, the Control Objectives for Information Technology ( CobiT).
FORBES: Congress Needs to Go Back To School on Cyber Legislation
Not only that, in the United States we hire independent third-party security companies, such as EWA, to audit our products in order to certify the safety and reliability of the products at the source code level.
Our board and audit committee gets regular updates on our security posture, the cyber threats we face, and the investments that are needed to ensure that we stay in business.
The Aviation Security Association, made up of Securicor -- the company that recently bought Argenbright -- and three other multinational aviation security companies, refused to comment until it could review the full audit.
CNN: Review of airport security firm shows security breaches continue
Intrusion detection, capable of spotting zero day exploits, must be deployed to audit and test the recognition and response capabilities of your corporate security defences.
Joe Lieberman, I-Connecticut, and Susan Collins, R-Maine, would require companies to prove to the government that minimum security standards are in place, and would make that information subject to a government audit.
The report notes that while in the middle of an audit of the witness program, the inspector general notified the Justice Department of national security vulnerabilities.
CNN: U.S. lost track of two with known or suspected terror ties
应用推荐