[prev in list] [next in list] [prev in thread] [next in thread] 

List:       isn
Subject:    [ISN] N.S. calls for better security
From:       InfoSec News <isn () c4i ! org>
Date:       2003-12-18 11:25:25
[Download RAW message or body]

http://www.globetechnology.com/servlet/story/RTGAM.20031217.gtnsns1217/BNStory/Technology/

Canadian Press 
Dec. 17, 2003 

HALIFAX - Tighter security is needed to prevent on-line thieves from
using the province's bookkeeping software to steal from the public
purse, Nova Scotia's auditor general says in his annual report.

Roy Salmon said Wednesday that too many civil servants have access to
secret passwords and log-on procedures, and a sweeping audit is
needed.

The 2003 report estimates about 1,000 people have access to the system
that watches over the province's $5-billion budget.

"Someone [who] is dishonest, they can pay their own bills
electronically," Mr. Salmon told a news conference.

Though the report doesn't give examples of theft since the system was
set up six years ago, Mr. Salmon said the government should improve
security before it's too late.

The report noted that 269 people had access to sensitive codes that
could be used to alter the financial software, and "a few" former
government employees still have valid passwords.

Mr. Salmon also found the province narrowly averted a complete
shutdown when mould was discovered in the building where the data
centre is based.

"Had [the mould] been more toxic - the building could have been closed
for a prolonged period," the report says.

Mr. Salmon also recommended management create a plan to recover data
if there is a shutdown.

"If it caught fire or blew up, you'd have no system," he said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo@attrition.org with 'unsubscribe isn'
in the BODY of the mail.
[prev in list] [next in list] [prev in thread] [next in thread]