William Lay, the chief information security officer at the State Department, hasn’t addressed critical management issues and is frequently away from the office, according to the inspector general. The State Department’s Bureau of Information Resource Management, Office of Information Assurance has none of those things, according to a State Department’s Office of Inspector General audit released in July, and further lacks controls and procedures to monitor contracts, task orders and blanket purchase agreements totaling $79 million.
“The CISO hasn’t provided division chiefs with priorities based on defined goals, as a result, the staff isn’t proactive in meeting information security requirements,” OIG states. Chief among them was requesting the Bureau of Human Resources to direct the Office of Resource Management and Organizational Analysis to conduct an organization assessment of IRM/IA, and determine what similar functions are being performed by other State Department offices.
View the entire article at the FCW: The Business of Federal Technology.