RSS Alerts

Share

More services

Related Stories

  • DHS sponsors state and local government cybersecurity center
    The Department of Homeland Security (DHS) is launching a cybersecurity center for state and local governments that will cooperate with DHS's National Cybersecurity and Communications Integration Center (NCCIC).
  • Almost a half million people have been victims of data breaches in Hawaii
    Since 2005, at least 479 000 personal records have been breached in the state of Hawaii – records on one out of every three residents – according to a report by the Liberty Coalition.
  • State CIOs appeal to feds for information security funding
    State chief information officers (CIOs) are appealing to the federal government for aid in implementing information security initiatives, according to Charles Robb, senior policy analyst with the National Association of State Chief Information Officers (NASCIO).
  • State CISOs hampered by budget cuts
    A full 46% of state chief information security officers (CISOs) have experienced cybersecurity budget cuts while internal and external cyber threats increase, whereas 33% have seen no change in funding. This is according to a survey by Deloitte and the National Association of State Chief Information Officers (NASCIO).

Top 5 Stories

News

Colorado flunks test of its information security systems

15 December 2010

The Colorado state government networks and computers are at "high risk" of compromise and data breach by hackers, according to a covert test commissioned by the state auditor.

After conducting a covert penetration test, the Colorado State Auditor "identified a significant number of serious vulnerabilities in the state’s networks and applications that would likely provide a malicious attacker with unauthorized access to the public’s data or with the ability to directly target Colorado’s citizens."

According to the report, the Colorado auditor was able, through the convert test, to "compromise several state government networks and systems and gain unauthorized access to thousands of individuals' records, including state employees' records, containing confidential data such as social security numbers, income levels, birth dates, and contact information."

The auditor estimated that a data breach of this magnitude would cost the state of Colorado between $7 million and $15 million to fix. "This estimate does not include the cost to individual citizens whose data would have been stolen."

The auditor also found that 60% of state agencies failed to submit required information secuirty plans to the Office of Cyber Security by the July 15, 2010, statuatory deadline. Even for agencies that submitted plans, only one was complete. In addition, the Commission on Higher Education is not collecting, reviewing, and submiting information security plans for colleges and universities to the office, as required by statute.

The report determined that the Office of Cyber Security "lacks a strategic plan for directing its operations, lacks any meaningful measures for assessing its performance, and does not have procedures to collect and analyze meaningful cyber security information." The auditor blamed a "lack of leadership" at the office and a "lack of oversight" at the Governor's Office of Information Technology for the problems identified in the audit.

The Governor's Office of Information agreed with the findings of the auditor, but blamed the problems on tight budgets and antiquated network and computer security systems that the office inherited. The office said it would address the information security problems identified by the auditor "where budget and resources permit."

This article is featured in:
Application Security  •  Data Loss  •  Internet and Network Security  •  Public Sector

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions | Privacy | Website Design| Reed Exhibitions. All rights reserved. Copyright © 2013
We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×