Story Tools
 E-mail Story
 Print Friendly

 Send E-mail
To Dan Boyd

BY Recent stories
by Dan Boyd
$$ NewsLibrary Archives search for
Dan Boyd '95-now
Reprint story


Featured Jobs


Featured Jobs

Feature Your Jobs: call 823-4444















New Mexico
Around New Mexico

Fleeing Suspect Crashes; 1 Dead

At Their Fingertips

Servitude Charges Refuted

Herpes Threatens New Mexico Horses

Memorial Day Closures

Film Program: Take Two

New Director Named for Los Alamos Lab

Wife Takes Controls of Husband's Plane

Data on Crashes To Determine Patrols

Roswell Teen's Murder Trial Slated July 26 Two People Shot To Death April 16

Around New Mexico

Candidate Proposal Upsets Sandoval GOP

State Overhauls Film Industry Loan Program

Trestle Not Ready for Opening

Martinez, Wilson Rub Elbows at Economic Forum

Columbus Trustee Still Getting Paid

Applicants Sought for Court of Appeals

'Mindset' Faulted in Copter Crash


More New Mexico


          Front Page  news  state


Friday, August 14, 2009

Study: State Web Site Lacked Security

By Dan Boyd
Journal Capitol Bureau
       SANTA FE — A security assessment conducted on the secretary of state's computer system found substandard network security and a great risk of "single-point" failure across the system, which includes political campaign reports, lobbyist donations and sensitive financial records.
    The security assessment was conducted in June by an Albuquerque-based company for an initial fee of $15,000 shortly before the Secretary of State's Office placed its Internet database administrator on paid leave.
    Although much of the assessment report obtained by the Journal was whited out because the Secretary of State's Office feared it could reveal specific vulnerabilities to hackers, the report appears to draw similar conclusions as a Legislative Finance Committee evaluation requested by lawmakers.
    The LFC evaluation, presented to an interim legislative committee in July, found that the Secretary of State's Office has outdated software and a dearth of technical capability among its information technology staff and lacks a disaster recovery plan for its most heavily used systems.
    Secretary of State Mary Herrera sent a response letter this week to LFC Director David Abbey claiming the LFC evaluation contained misleading information and placed an "unmerited negative perception" on her office.
    Herrera said in the letter that many of the shortcomings identified by the LFC evaluation have already been targeted by the Secretary of State's Office in requests for legislative appropriations, many of which haven't been fulfilled.
    "The manner in which (the evaluation) was prepared gives the general impression that many of the items covered are recent discoveries in which minimal or no effort has been taken to rectify shortcomings" Herrera wrote to Abbey. "This is simply not true."
    The Secretary of State's Office has grappled with technology problems this summer, and the security assessment was ordered after the office's Web site was shut down in June to conduct repairs.
    Improvements to the secretary of state's computer systems have been made since the security assessment was conducted — although many of the LFC recommendations haven't been implemented — and officials say the network is now secure.

You also can send comments via our comment form