U.S. Department of Education, Office of Inspector General, Information Technology Audits Division – Incident Handling and Privacy Act Controls over External Web Sites, Final Audit Report, Redacted, ED-OIG/A11I0006, June 10, 2009.
“Based on our review, the Departments Chief Information Officer (CIO) must improve security controls over the incident response and handling program and accelerate two-factor authentication for protecting Privacy Act information to adequately protect the confidentiality, integrity, and availability of the personally identifiable information (PII) data residing on public web sites. During our audit, we also identified significant conditions related to the work performed regarding [Redacted Text] and public domain web site establishment and maintenance.
