Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Agencies Earn D+ on Computer Security

Posted by CowboyNeal on from the but-it-still-passes dept.

MirrororriM writes "Seven of the 24 largest agencies received failing grades, including the departments of Energy and Homeland Security. The Homeland Security Department encompasses dozens of agencies and offices previously elsewhere in government but also includes the National Cyber Security Division, responsible for improving the security of the country's computer networks. 'Several agencies continue to receive failing grades, and that's unacceptable,' said Rep. Tom Davis, R-Va., the committee's chairman. 'We're also seeing some exceptional turnarounds.'"

3 of 190 comments (clear)

  1. and... by Anonymous Coward · · Score: 0, Offtopic

    this surprises anyone?

  2. Responsibility and Enforcement by nboscia · · Score: 1, Offtopic

    I wish the government wouldn't be singled-out as this is a universal problem, no matter who owns the computer. The underlying problem, IMO, is that too many people want adminstrator rights to systems who know nothing about how to be an administrator. There's no one to enforce security policies and there are no realistic training requirements or credentials for users who operate these systems. This has become an increasing problem in the workplace as the number of systems and their pseudo-admins grow.

    As many have said, someone MUST be held accountable for their lack of responsibility. If the admins/users wish to be lazy, and no one forces them not to be, then what's the motivation to be security-conscious? In businesses, government, institutions, only well-trained and competent people should be allowed to manage any device on the network. Many people think they are administrators, but just knowing how to update a system doesn't make you a good admin, and most don't even realize all the different layers of security that need to be considered. For home users, (I'll probably get bashed for this), the ISP's should play a bigger role in making sure their customers are responsible for any damage they cause, or even be the ones to offer security services to customers. I people would be double-checking access logs and services, running scans, and doing updates more frequently if they could be fined, fired, or otherwise held responsible for not keeping things secured.

  3. Re:Oh, the dreaded D+ by WhatAmIDoingHere · · Score: 0, Offtopic

    You get a D+ in spelling.. "You're"

    --
    Not a Twitter sockpuppet... but I wish I was.