Government Agencies Fail at Protecting User Data
Two years ago, a major security breach was reported by the US Department of Veterans Affairs. At the time, a laptop containing private data on an extremely large number of veterans had been stolen. Following the incident, strict guidelines were established to protect personal information and prevent such thefts and exposures.
According to the Register, two years was not enough time for government agencies to implement the guidelines and comply with their security requirements.
According to a report issued by the Government Accountability Office (GAO) today, a number of agencies fell short on recommendations for securing databases, remote access, and mobile devices. All of the agencies received a downgrade in their scores for e-government progress on the President’s Management Agenda Scorecard.
Of the 24 major agencies audited in the report, only 11 had established policies for logging data extracted from agency databases and for erasing the data within 90 days of extraction. Only 15 agencies had established a “time out” function for remote and mobile devices that requires user re-authentication after 30 minutes of inactivity.
The same report revealed that 25 other security breaches occurred in a three-year interval (2004-2007), three of them exposing private records of more than 100,000 individuals. It also states that these are only the breaches accounted for, and that the actual number might be far greater.
