- About Us
- Information Technology
- Contact Us
Report Fraud, Waste, or Abuse
To accomplish our audit objectives, we reviewed the effectiveness of the Board's information security program across 11 areas outlined in DHS's 2014 FISMA reporting guidance for Inspectors General. These areas include continuous monitoring, configuration management, identity and access management, incident response and reporting, risk management, security training, POA&M, remote access management, contingency planning, contractor systems, and security capital planning. To assess the Board's information security program in these areas, we interviewed Board management and staff members; analyzed security policies, procedures, and documentation; and observed and tested specific security processes and controls.
We also reviewed security controls implemented for the Board's information systems and IT processes on an ongoing basis. During the past year, we issued the following reports:
Given the sensitivity of the issues involved with these reviews, the specific results were provided to management in separate reports, some of which are restricted.
Additionally, during this FISMA cycle we completed the fieldwork on several other audits of Board processes that relate to certain DHS FISMA metric areas:
In addition to the FISMA requirements, we performed follow-up reviews of open audit recommendations from prior OIG information security–related audits and application control reviews. These follow-up reviews help us evaluate the Board's compliance with FISMA and related information security policies and procedures and report to DHS and OMB.
We conducted our fieldwork for this audit from June 2014 to September 2014. We conducted this audit in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our findings and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives.