Wednesday, September 26, 2007

Vendor Downplayed Attacks on DHS Systems

In a case study of how outsourcing incident response goes wrong, The U.S. Government is looking into allegations that the IT vendor for the Department of Homeland Security may have minimized or underreported the extent of intrusions into 150 DHS systems.

Organizations need to remember that outsourcing vendors are almost always motived to not divulge the extent of outages or incidents and it is critical that contractual terms require vendors to provide immediate and full notice of any serious incident. Further, organizations must have the investigative and recovery processes and policies in place to effectively manage the incident.

These intrusions are believed to have originated from China (or at least passed through systems located there).

The full story is located available from Yahoo: Unisys Accused of DHS Breach Cover-up

No comments: