Evaluation of Department of State Information Security Program ...
Evaluation of Department of State Information Security Program ...
Evaluation of Department of State Information Security Program ...
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
UNCLASSIFIED<br />
DRAFT<br />
� Assessed programs for monitoring <strong>of</strong> security policy and program compliance and<br />
responding to security events (that is, unauthorized changes detected by intrusion<br />
detection systems).<br />
� Performed testing <strong>of</strong> major systems at the discretion <strong>of</strong> OIG. We tested 30 systems<br />
for our sample. (See Appendix I.).<br />
� Assessed the adequacy <strong>of</strong> internal controls related to the areas reviewed. Control<br />
deficiencies identified during the review are reported in the report.<br />
� Evaluated the <strong>Department</strong>’s remedial action taken to address the previously reported<br />
<strong>Information</strong> <strong>Security</strong> <strong>Program</strong> control weaknesses identified in OIG’s report Review <strong>of</strong><br />
<strong>Department</strong> <strong>of</strong> <strong>State</strong> <strong>Information</strong> <strong>Security</strong> <strong>Program</strong> (AUD/IT-11-07, Nov. 2010).<br />
43<br />
UNCLASSIFIED