Data security isn’t rocket science. In fact, it may be more difficult, as this recent event shows:
A recent audit report from NASA revealed that six of the agency’s servers had been vulnerable to attack from online hackers. If the flaws had been exploited, NASA missions could have been jeopardized, and sensitive data such as encryption keys, user lists and passwords could have been exposed.
Those vulnerabilities have been patched, but the agency still lacks an ongoing program to find and correct similar problems that may occur in the future, Network World reports. NASA’s CIO Linda Cureton has given the agency a dealdline of September 30 to come up with such a plan.
Specifically, the report pointed out the need to:
- Immediately identify all Internet-connected computers and find and fix vulnerabilities on those machines
- Add security tools that continuously monitor network activity to find threats and risks, and
- Conduct regular agency-wide risk assessments.
All IT departments can learn from NASA’s experience. Download the agency’s full report here.