The Virginia Employment
Commission (VEC) has been maintaining and managing user access to the Wage File
System (WFS) since its inception in the mid 80’s. New regulations, best
practices and standards addressing emerging threats which include identity
theft, have modified the security landscape. The VEC decided to conduct a
security review in order to gain an understanding of the Wage Files System’s
exposure to new security threats and what could be done to remediate any risk
encountered.
Solution:
With the data being accessed from three different
channels and by more than 6,200 users (excluding VEC users) every quarter, the
review had to use a holistic approach and look at all of the main components:
the Inter Agency Agreements, the WFS itself and the External Users process and
procedures.
In three months, one of our Security Consultants executed
a full analysis of the application including, but not limited to:
Identity Management processes
Log and Access Analysis
Support and Configuration Management
Customer Agreements and Usage Statistics
Multi Channel Access Analysis
The
resulting security review listed all of the findings along their associated
vulnerabilities, risk ratings and recommended remediation approach.
Tools:
Microsoft Access
Microsoft Office
Results:
Comprehensive
security report with findings and action items providing a full security status
picture of the target application
Whenever
possible, the findings were immediately remediated by CapTech thus addressing
some 15% of all findings
Log
analysis database with automated audit letters to be sent to end users
increasing Internal Audit’s capabilities