Audit Reveals Lax Data Security Practices by State Agencies

Recently, an audit by the Office of the State Comptroller of New Jersey found glaring violations of guidelines concerning the disposition of surplus computer equipment by various state agencies.
 
March 14, 2011 - PRLog -- Increasing instances of cybercrime have brought data privacy and confidentiality to center stage. Disclosure of confidential information may have multiple repercussions for affected parties, including legal consequences. As such, IT security professionals must take adequate precautions to safeguard privileged information. Recently, an audit by the Office of the State Comptroller of New Jersey found glaring violations of guidelines concerning the disposition of surplus computer equipment by various state agencies. Computer equipment was dispatched to the warehouse without removing data from the hard drives.

The auditors found data on 46 of the 58 hard drives investigated. The confidential data contained on the devices included names, addresses, phone numbers, social security numbers, tax returns, user names and passwords of government computers, and documents related to child abuse. Computers sent to the warehouse were not accompanied by any information regarding their working status or certification regarding degaussing of the hard drives. Negligence on the part of employees may lead to inadvertent data disclosure. Online IT courses may help in creating a security-conscious culture among employees.

A State Treasury circular letter, 00-17-DPP, requires removal of all data contained on hard drives before their disposal. Agencies are required to notify the State's Surplus Property Unit (SPU) of excess equipment. The SPU then notifies all government departments of the equipment's availability. Equipment is declared ‘surplus’ if no other agency claims it within 30 days, and is then sold or donated.

The audit also revealed that a laptop tested at the warehouse contained personal information pertaining to a State judge, including three years of tax returns, a life insurance trust agreement, documents containing a social security number, confidential fax letters, non-public memoranda, and mortgage documents containing an account number and property address. Data security awareness training, online IT degree and e-learning programs may help users ensure information security by inculcating safe computing practices.

Exposed personal and confidential information may be misused for identity theft, misrepresentation, obtaining fake loans, and mail redirection, among many other things. Disclosed confidential government data may be misused for creating fake documents, letterheads and fax letters, or shared with rival intelligence agencies. Adequate monitoring of employee activity is crucial to avoid lapses in data security. Officials must ensure adherence to data protection guidelines.

Hiring security professionals qualified in IT degree programs may help in improving IT practices in state departments and agencies.

Contact Press

EC-Council
Website:  http://www.eccouncil.org
Email:  iclass@eccouncil.org
Tel:  505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers a Master of Security Science (MSS) degree to students from various backgrounds, such as graduates, IT professionals, and military students, among several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students not only from the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensic Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/Licensed Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.

# # #

iClass is EC-Council's online training delivery platform. Students can attend live or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI).
Tags: Data Security, Confidentiality, Privacy, Hard Disk Degaussing, Information Security, Social Security Number, Treasury
Industry: Security, Internet security, security breach
Location: Albuquerque - New Mexico - United States
Page Updated Last on: Mar 14, 2011