Specifically, the DHS CIO is not a member of the department's senior management team so he does not have authority to strategically manage agency-wide IT programs, the IG said. Also, there is no formal reporting structure between the CIO and the infosec managers of the agency's nine components, hindering support in implementing the DHS infosec program.
Among the other problems, DHS lacks an accurate and complete system inventory, which prevents it from effectively managing its infosec program, the IG said. Component infosec managers do not understand required program and system information, limiting DHS' ability to put together a comprehensive inventory.
The IG recommended that DHS improve its procedures for wireless technologies, remote access, vulnerability scanning, incident detection, among other areas.
In a written response, DHS's CIO generally agreed with the report's recommendations and said the department already is working to address issues raised by the IG, including compiling a comprehensive system and application inventory.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
iTnews Benchmark Security Awards 2025
Digital Leadership Day Federal
Government Cyber Security Showcase Federal
Government Innovation Showcase Federal
Digital NSW 2025 Showcase
_(1).jpg&h=140&w=231&c=1&s=0)
