![Information security: Department of Health and Human Services needs to fully implement its program: report to the Chairman](//coverdb.com/reviewUS/w100/562/9781234396886.jpg) |
|
Information security: Department of Health and Human Services needs to fully implement its program: report to the Chairman
United States. Government
Paperback. Books LLC, Reference Series 2011-10-03.
ISBN 9781234396886
|
|
|
Buy from Amazon.com
|
Publisher description
Original publisher: [Washington, D.C.] : U.S. Govt. Accountability Office, [2006] OCLC Number: (OCoLC)86251177 Subject: Computer security -- Government policy -- United States. Excerpt: ... restrict physical access to computer resources, usually by limiting access to the buildings and rooms in which the resources are housed and by periodically reviewing the access granted, in order to ensure that access continues to be appropriate. HHS policy requires that physical access to rooms, work areas and spaces, and facilities containing departmental systems, networks, and data be limited to authorized personnel; controls be in place for deterring, detecting, monitoring, restricting, and regulating access to sensitive areas at all times; and controls be commensurate with the level of risk and sufficient to safeguard these resources against possible loss, theft, destruction, accidental damage, hazardous conditions, fire, malicious actions, and natural disasters. Our analysis showed that HHS did not effectively implement physical controls as the following examples illustrate: * One CMS Medicare contractor used a privately owned vehicle and an unlocked container to transport approximately 25, 000 Medicare check payments over a 1-year period. * Four hundred forty individuals were granted unrestricted access to an entire data center, including a sensitive area within the data center - although their jobs functions did not require them to have such access. * Surveillance cameras used for monitoring a facility were not functioning, leading to blind spots in the data center's perimeter security. * Three individuals with access to an operating division's data center did not have management approval for such access. These weaknesses in physical security increase the risk that unauthorized individuals could gain access to sensitive computing resources and data and inadvertently or deliberately misuse or destroy them. 5 According to Office of Management and Budget ( OMB ) Circular
More books by United States. Government
Similar books
Rate the book
Write a review and share your opinion with others. Try to focus on the content of the book. Read our instructions for further information.
Information security: Department of Health and Human Services needs to fully implement its program: report to the Chairman
Book reviews » Information security: Department of Health and Human Services needs to fully implement its program: report to the Chairman
|
|
![Information security: Department of Health and Human Services needs to fully implement its program: report to the Chairman](/images/background.gif) |
![Information security: Department of Health and Human Services needs to fully implement its program: report to the Chairman](/images/background.gif) |
|
|
|