Audit reveals new IT security weaknesses

The Federal Law Enforcement Training Center did not make much progress in addressing previously identified security weaknesses in its computer infrastructure last year, according to a new audit released by Homeland Security Department Inspector General Richard Skinner. The center completed work on only two previous information technology security-related recommendations during the year. It also received 20 reissued notices of IT weaknesses, and nine notices of new IT weaknesses, the audit  said. The audit of fiscal 2007 IT controls was performed by the KPMG LLP accounting firm, which developed a Notice of Findings and Recommendations for each control weakness it identified. The weaknesses ranged across broad areas. For example, 21 of 30 randomly surveyed contractors for the center did not have appropriate background investigations. The audit also found problems with access control, application development and controls, and software security.