Department of Justice Efforts in Managing Information Technology Security Vulnerabilities [open pdf - 1MB]
"The Department of Justice (Department), like the rest of the federal government has become increasingly dependent on information technology (IT) systems to accomplish its mission. These systems contain a wide range of data regarding individuals, organizations, and other sensitive information. Any IT system inherently contains vulnerabilities that, if exploited, can expose sensitive information to unauthorized individuals, and in some cases compromise national security. To reduce the risk of compromise of its IT systems and the data they contain, it is essential that the Department minimize the vulnerabilities in its IT systems. Enhancing the security of the information contained within its IT systems is a top priority of the federal government and the Department. [...] The objectives of this audit were to identify the Department's major systemic IT security vulnerabilities and assess the Department's progress in mitigating the identified vulnerabilities, in monitoring and overseeing the implementation of the IT security program, and in improving the overall security of its IT systems. The scope of our audit was limited to a review of the vulnerability management part of the Department's IT security program, which focuses on addressing the greatest threats to IT systems. We did not review and evaluate the adequacy of other elements of the Department's overall IT security efforts, such as training or contingency planning."
Department of Justice, Office of Inspector General, Audit Report 09-04
United States Department of Justice, Office of the Inspector General: http://www.usdoj.gov/oig/