[44701] in North American Network Operators' Group
Network security: The auditors point of view
daemon@ATHENA.MIT.EDU (Sean Donelan)
Sun Dec 9 23:40:40 2001
Date: Sun, 9 Dec 2001 23:38:04 -0500 (EST)
From: Sean Donelan <sean@donelan.com>
To: Patrick Greenwell <patrick@cybernothing.org>
Cc: David Lesher <wb8foz@nrk.com>, nanog list <nanog@merit.edu>
In-Reply-To: <20011209183910.M17292-100000@unagi.cybernothing.org>
Message-ID: <Pine.GSO.4.40.0112092235120.21223-100000@clifden.donelan.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
On Sun, 9 Dec 2001, Patrick Greenwell wrote:
> I have no personal knowledge of the DOI's infrastructure, and unless you
> do, I think we're all left to speculate as to whether or not the "home
> page server" of the DOI had access to the Indian trust data. My
> speculation would be that it does if it's Internet connected...
The great thing about our government is public oversight. It may be
embarrassing to the managers involved, but Interior's computer security
is detailed in several places.
Information Security: Weak Controls Place Interior's Financial and Other
Data at Risk. July 3 2001.
http://www.gao.gov/new.items/d01615.pdf
DoI responds: "While this audit, as well as previous audits, have
identified areas where NBC-Denver can improve its management controls,
none of these audits has ever shown that the integrity of the financial
data has ever been compromised. Our on-going operations have provided our
customers accurate financial information and timely delivery of services."
