Follow on Google News News By Tag * Data Security * Confidentiality * Privacy * Hard Disk Degaussing * Information Security * Social Security Number * Treasury * More Tags... Industry News News By Location Country(s) Industry News
Follow on Google News | Audit Reveals Lax Data Security Practices by State AgenciesRecently, an audit by office of the state comptroller for New Jersey found glaring violations of guidelines concerning with disposition of surplus computer equipment’s by various state agencies.
By: EC-Council The auditors found data in 46 of the 58 hard drives investigated.The confidential data contained on the devices included names, addresses, phone numbers, social security numbers, tax returns, user name and passwords of government computers and documents related to child abuse. Computers sent to the warehouse did not contain any information regarding the working status of the surplus computers and certification regarding degaussing of hard drives. Negligence on the part of employees may lead to inadvertent data disclosure. Online IT courses may help in creating security conscious culture among employees. A Treasury circular letter - 00-17-DPP of the State requires removal of all data contained in the hard drives before their disposal. Agencies are required to notify the Surplus property unit (SPU) of the state regarding excess equipment’s. The SPU then notifies all government departments regarding availability of equipment. An equipment is declared ‘surplus’ if no other agency claims the equipment within 30 days and is sold or donated. The audit also revealed that a Laptop tested at the warehouse included personal information pertaining to a State judge including three years tax returns, life insurance trust agreement, documents containing social security number, confidential fax letters, non-public memoranda and mortgage documents containing account number and property address. Data security awareness training, online IT degree and e-learning programs may help users in ensuring information security by inculcating safe computing practices. Revealed personal and confidential information may be misused for identity theft, misrepresentation, availing fake loans, mail redirection among many others. Disclosed confidential government data may be misused for creating fake documents, letter heads, fax letters or shared with rival intelligence agencies. Adequate monitoring of employee activity is crucial to avoid lapses in data security. Officials must ensure adherence to data protection guidelines. Hiring security professionals qualified in IT degree programs may help in improving IT practices in state departments and agencies. Contact Press EC-Council Website: http://www.eccouncil.org Email: iclass@ Tel: 505-341- EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world. EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world. EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences. # # # iClass is EC- Council's online training delivery platform. Students can attend live, or recorded training sessions for courses such as Certified Ethical Hacker (CEH), Certified Security Analyst (ECSA) or Computer Hacking Forensic Investigator (CHFI). End
Account Email Address Disclaimer Report Abuse Page Updated Last on: Mar 14, 2011
|
|