PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
April 2004

Audit failure: How one lab raised IT security awareness and its audit grade

Year after year, security audits of Argonne National Laboratory were, in a word, abysmal. On a network that lacked even basic firewall protection, every desktop and server was essentially open to the outside world. Breaking in was a cinch. The appalling reviews -- regardless of who conducted them -- were hardly surprising at the Department of Energy's oldest lab, located in suburban Chicago and devoted to everything from nanotechnology to supercomputing. When it came to investing in science or security, security always got the short end. Argonne's scientific community had little interest in protecting assets under a decentralized system that did little to foster cooperation. Finally, in early 2001, management that had for so long paid lip service to security decided it was time to stop taking so much lip. The lab was determined to overhaul its Cyber Security Program Plan -- a flawed, largely ignored document that was at the heart of its audit failures. Too often, Argonne's security policy mimicked the loose language of DOE ...

Access this PRO+ Content for Free!

By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Features in this issue

Columns in this issue