computerwoche.de

Archiv

US gov't department details IT audit plans for 2006

04.01.2006
Richard Skinner, the inspector general of the U.S. Department of Homeland Security, plans to conduct more than 12 audits of IT programs and operations in 2006, according to a recently released performance plan.

As part of that plan, the DHS's Office of Information Technology will conduct audits and evaluations of the department's information management, cyber infrastructure and systems integration activities.

For example, the Office of Information Technology (OIT) plans to look at whether security controls are effective in protecting personal information for the systems supporting the Transportation Worker Identification Credentialing (TWIC) program. Under that program, which was established in December 2001, some transportation workers are issued a standardized, secure identification card that allows them unescorted access to secure areas of the nation's transportation system -- as well as access to computer-based information systems involved in the security of the transportation system.

The OIT also wants to determine whether the DHS has adequate security controls in place over the Automated Commercial Environment (ACE), which collects, processes and analyzes commercial import and export data. ACE simplifies dealings between U.S. Customs and Border Patrol and the trade community by automating time-consuming and labor-intensive transactions to move goods through ports faster and cheaper.

In the Science and Technology area, Skinner's office will evaluate whether that DHS agency has established security controls for the sensitive information systems and data housed at the Plum Island Animal Disease Center on New York's Long Island. The OIT also hopes to determine the status of the DHS's initiatives, applications and progress in integrating automated surveillance system technologies to respond to modern-day threats; the department's progress in research and project application related to its goals and performance measures; the issues and challenges that exist for DHS deployment of this functionality; and whether there are sufficient management controls in place or planned to ensure compliance with security, privacy laws and policies and biometric standards.

The inspector general is also planning to audit DHS operations for information sharing related to critical infrastructure protection. Skinner's office hopes to determine whether DHS strategies and tools for working with private industry would be effective in the event of a failure of, or attack on, critical sector operations. In addition, the OIG is set to review just how effectively the DHS shares disaster response and counter-terrorist information with state and local governments.