U.S. Department of Energy, Office of Inspector General, Office of Audit Services, Audit Report, Management of the Department’s Publicly Accessible Websites, March 2008.
- “Our audit identified several opportunities to improve the security and management of the Department’s publicly accessible websites. Specifically:
- We identified over 50 significant cyber security incidents in the last three fiscal years, about half involving the defacement of web pages, which, in our judgment, could have been prevented had proper security controls been in place;
- Content on publicly accessible web servers was not always controlled and reviewed periodically, contributing to an additional eight incidents which involved the exposure of personally identifiable information to unauthorized or malicious sources; and,
- Most of the organizations reviewed also had not incorporated contingency/emergency planning features, provided accessibility for individuals with disabilities, and/or disabled unneeded computer services for their publicly accessible websites – factors that decreased the utility and increased the risk of malicious damage to those websites.