摘要 :
We sought to highlight unimplemented actions the U.S. Environmental Protection Agency (EPA) should take to protect network resources from the increase of Advanced Persistent Threats (APTs) within the Agency. An APT is a cybercrime...
展开
We sought to highlight unimplemented actions the U.S. Environmental Protection Agency (EPA) should take to protect network resources from the increase of Advanced Persistent Threats (APTs) within the Agency. An APT is a cybercrime designed to steal or modify information without detection. These attacks are targeted at organizations, businesses, and political entities. The attackers that carry them out are typically organized and well funded. Unlike other virus attacks that may be launched at thousands of random computers on the Internet, APT activities are tailored, using multiple attack methodologies and tools, for specific targets. After a target has been successfully attacked, the attacker maintains a foothold on the target for future exploits. In other words, after an organization fixes the initial vulnerability, the attacker will be able to persist in an automated and hidden mode, remaining on the network unbeknownst to the organization.
收起
摘要 :
The Office of Inspector General (OIG) sought to determine whether the U.S. Environmental Protection Agency (EPA) implemented oversight practices for securing access to key EPA locations in Las Vegas, Nevada. EPA occupies space in ...
展开
The Office of Inspector General (OIG) sought to determine whether the U.S. Environmental Protection Agency (EPA) implemented oversight practices for securing access to key EPA locations in Las Vegas, Nevada. EPA occupies space in six buildings on or near the University of Nevada-Las Vegas campus. These buildings use a card access system to control personnel access to these buildings. The Office of Research and Development (ORD) is responsible for managing the process for authorizing and removing personnel access to these buildings and for administering the computer system that controls the card access system. EPA's Security Management Division within the Office of Administration and Resources Management is the responsible and primary agent within EPA for physical security.
收起
摘要 :
We sought to determine EPA's Computer Security Program whether the U.S. Environmental Protection Agency (EPA) implemented management control processes for maintaining the quality of data in the Automated System Security Evaluation...
展开
We sought to determine EPA's Computer Security Program whether the U.S. Environmental Protection Agency (EPA) implemented management control processes for maintaining the quality of data in the Automated System Security Evaluation and Remediation Tracking (ASSERT) system. EPA uses the ASSERT online tool to gather information regarding testing and evaluating Agency information systems, and tracking progress made in fixing identified security weaknesses. EPA also uses ASSERT to generate reports provided to the Office of Management and Budget pursuant to the Federal Information Security Management Act.
收起