MEMORANDUM

 

TO:                  James M. Eagen III

                        Chief Administrative Officer

 

FROM:            Steven A. McNamara

                        Inspector General

 

DATE:             September 17, 2003

 

SUBJECT:       Management of the House Information Security Function                            (Report No. 03-CAO-04)

 

This is our final report on the management of the U.S. House of Representatives (House) information security function.  The objectives of this audit were to evaluate the information security management function in the House to identify areas of risk and potential improvements from a best practices approach and to conduct a high-level risk assessment of the House network infrastructure.  In this report, we identified areas for improvement and made specific recommendations for corrective actions.

 

In response to our November 26, 2002 draft report, your office concurred with our findings and recommendations.  The April 28, 2003 management response is incorporated in this final report and included in its entirety as an appendix.  The corrective actions taken and planned by your office are appropriate and, if fully implemented, should adequately respond to the recommendations.  Further, the milestone dates provided for implementing corrective actions appear reasonable.  This report, which includes a discussion of overall issues and recommendations, is confidential and should not be released to anyone other than auditee management, except by approval of the House Office of Inspector General.

 

We appreciate the courtesy and cooperation extended to us by your staff.  If you have any questions or require additional information regarding this report, please call Christian Hendricks or me at (202) 226-1250.

 

cc:        Speaker of the House

Majority Leader of the House

Minority Leader of the House

Chairman, Committee on House Administration

Ranking Minority Member, Committee on House Administration

Members, Committee on House Administration