KOSEN 한인과학기술자네트워크

ㅇ Background - Federal systems are at risk - Commerce missions are diverse - Commerce's IT infrastructure is decentralized - Improvements to information security have been initiated - Logicol access controls were inadequate - System access controls were weak · User ID and password management controls were not effective · Control of system administration functions was not adequate · Access to critical systmes and sensitive data files was not adequately restricted - Operating systems were ineffectively secured · Excessive system information was exposed · Operating systems were poorly configured · Systmes had unncessary and poorly configured functions - Network security was ineffective ㅇ Other information system controls were not adequate - Computer duties were not properly segregated - Software changes were not adequately controlled - Service continuity planning was incomplete ㅇ Poor incident detection and response capabilities further impair security - Incident handling mechanisms have not been established or implemented - Incidents could be prevented - Incident detection capabilities have not been implemented - Incident response procedures have not been established - Bureaus have not been reporting incidents ㅇ Commerce does not have an effective information security management program - Centralized management is weak - Risks are not assessed - Security plans are not prepared - Systems are not authorized ㅇ Needed policies have not been established - Security awareness and training are not adequately promoted - Policies and controls are not monitored