Homeland Security Audit Report

799 Words4 Pages
Upon going to the State of Maryland website where Goals are characterized, Security is one of several a main subjects. Under Security the subset Homeland Security appears and according to the STATESTAT’s it on track. When you think of Homeland Security, the usual areas come to mind: Transportation, Law Enforcement, Disaster and Cybersecurity. The Governor of Maryland has listed 15 Strategic Policy Goals and Homeland Security being one of them. Under Homeland Security there are a four goals mentioning some form of communications, Interoperable Communications, Intelligence/Information Sharing, Vulnerability Assessment and Backup Power and Communications. Further reading of the goals, outlined a different area of communication. Interoperable…show more content…
Three findings were addressed from the audit, only two pertain to security: The initial finding “Firewalls did not adequately secure the DoIT, Department of Budget Management (DBM), Governor’s Office, and networkMaryland networks, and the Governor’s Office network was not adequately protected by intrusion detection and prevention system software.” The DoIT response “DoIT has implemented updated firewall policies and made the appropriate configurations, addressing the specifics of the audit finding. Also, DoIT has performed the configuration changes to the Governor’s Office intrusion detection and prevention systems, addressing the coverage areas detailed in the audit finding. The second finding “Critical DoIT and DBM systems were not adequately segmented on the local area network (LAN) shared by DoIT and DBM”. “The DoIT has restricted access to systems and network resources based on user login credentials since DoIT was officially created on July 1, 2008. Although this access restriction has been sufficient to protect against internal security breaches, DoIT will split the two departmental networks to further segregate the two networks and their various assets. Until the physical split of the two networks occurs, the two will be secured in the same manner as has protected the entities since DoIT was created”. A more recent audit conducted between May 2011 and December 2011 has found “two of the agencies that authorized the use of portable devices for the storage and access of personal identifiable information (such as personal health data) did not adequately protect the data (such as through the use of full disk encryption)” (Sentementes, G., 2012). The audit dated 2009 only addressed three findings; the present audit dated September 2012 found 12 findings. The results and appropriate corrections are at address at this link

More about Homeland Security Audit Report

Open Document