Department of Education
SeNet International has been providing the Department of Education with information security services since 2012 to support the Office of Inspector General’s independent evaluation of the effectiveness of the Department's overall information security program and practices. During this 3-year period, our assignments covered many aspects ranging from information security audit support to network and information security. Some of the more notable accomplishments with this client include:
- Provided audit expertise by developing a risk-based audit plan to assess the Office of Chief Information Officer (OCIO) and Federal Student Aid (FSA) management oversight controls of the EDUCATE and Dell Systems information security program for compliance with FISMA. We determined the extent to which the Department’s information security plans, programs and practices comply with FISMA requirements, relevant OMB processes and reporting requirements, Federal Information Processing Standards (FIPS) requirements, and applicable National Institute of Standards and Technology (NIST) special publications. As a result of the Modernization Act as of July 2015, we also made a determination on the effectiveness of the OCIO’s and FSA’s information security programs. As a result, we made various recommendations to assist the OCIO and FSA in improving their agency-wide information security program(s).
- We executed security reviews of the OCIO oversight of the Guarantee Agencies (GAs) and Private Collection Agencies (PCAs) that maintain personally identifiable information (PII). We were to determine whether the GAs and PCAs were in compliance with the Department’s security program policies and practices in how they secure PII data. As a result, we issued recommendations to the OCIO on how its oversight can be improved.
- In addition to FISMA, we conducted reviews of various applications within the Department’s General Support System (GSS) to ensure the effectiveness of the general controls in place. Since some applications were contractor-owned and operated, we also conducted a review of the OCIO’s oversight controls to ensure proper monitoring of its data housed on those contractor systems.
- Performed a comprehensive mainframe security audit that examined the operating system layer, database, and security control package (i.e. Top Secret, ACF2). As a result of this work, deficiencies were noted and recommendations made to improve the mainframe security posture. The results of this assessment gained visibility at the highest level within the Department.
- As a component of each FISMA audit, SeNet performed penetration testing and vulnerability scanning on selected systems. These systems ranged from large GSS to extremely important major applications. The types of testing included:
  - Web Application
- The SeNet team also provided security training to OIG auditors in the form of classroom briefings and lab exercises.