%PDF-1.5
%
1 0 obj<>
endobj
2 0 obj<>
endobj
3 0 obj<>
endobj
5 0 obj null
endobj
6 0 obj<>
endobj
7 0 obj<>
endobj
8 0 obj<>>>
endobj
9 0 obj<>
endobj
10 0 obj<>]/C/SpdrArt/P 9 0 R/S/Article/Pg 11 0 R>>
endobj
11 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 0>>
endobj
12 0 obj<>
endobj
13 0 obj[10 0 R]
endobj
14 0 obj<>/Subtype/Link/A<>>>
endobj
15 0 obj[14 0 R 16 0 R]
endobj
16 0 obj<>/Subtype/Link/A<>>>
endobj
17 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 1>>
endobj
18 0 obj[10 0 R]
endobj
19 0 obj<>/Subtype/Link/A<>>>
endobj
20 0 obj[19 0 R]
endobj
21 0 obj<>
endobj
22 0 obj<>
endobj
23 0 obj<>
endobj
24 0 obj<>
endobj
25 0 obj<>
endobj
26 0 obj<>
endobj
27 0 obj<>
endobj
28 0 obj<>
endobj
29 0 obj 10348
endobj
30 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 9 0 0 9 18 780.17 Tm
(State Employment Security Agency \(SESA\) Internal Security Risk Analysi\
s Technical Assistance Guide)Tj
ET
EMC
/WebCaptureBG BMC
/WebCaptureFN <>BDC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
1 1 1 rg
10 730.5 592 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
0.80112 0.80112 0.80112 rg
10 711.5 m
602 711.5 l
599 708.5 l
13 708.5 l
h
f
10 711.5 m
10 452.16154 l
13 455.16154 l
13 708.5 l
h
f
0.31348 0.31348 0.31348 rg
602 711.5 m
602 452.16154 l
599 455.16154 l
599 708.5 l
h
f
10 452.16154 m
602 452.16154 l
599 455.16154 l
13 455.16154 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
0.45726 0.44862 0.43137 rg
15 706.5 m
349.73079 706.5 l
348.73079 705.5 l
16 705.5 l
h
f
15 706.5 m
15 534.24615 l
16 535.24615 l
16 705.5 l
h
f
0.94942 0.9447 0.93529 rg
349.73079 706.5 m
349.73079 534.24615 l
348.73079 535.24615 l
348.73079 705.5 l
h
f
15 534.24615 m
349.73079 534.24615 l
348.73079 535.24615 l
16 535.24615 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
EMC
/Artifact <>BDC
Q
0.45726 0.44862 0.43137 rg
351.73079 706.5 m
597 706.5 l
596 705.5 l
352.73079 705.5 l
h
f
351.73079 706.5 m
351.73079 650.41539 l
352.73079 651.41539 l
352.73079 705.5 l
h
f
0.94942 0.9447 0.93529 rg
597 706.5 m
597 650.41539 l
596 651.41539 l
596 705.5 l
h
f
351.73079 650.41539 m
597 650.41539 l
596 651.41539 l
352.73079 651.41539 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
EMC
/Artifact <>BDC
Q
1 1 1 rg
353.73079 652.41539 241.26921 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
0.45726 0.44862 0.43137 rg
351.73079 648.41539 m
597 648.41539 l
596 647.41539 l
352.73079 647.41539 l
h
f
351.73079 648.41539 m
351.73079 592.33076 l
352.73079 593.33076 l
352.73079 647.41539 l
h
f
0.94942 0.9447 0.93529 rg
597 648.41539 m
597 592.33076 l
596 593.33076 l
596 647.41539 l
h
f
351.73079 592.33076 m
597 592.33076 l
596 593.33076 l
352.73079 593.33076 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
EMC
/Artifact <>BDC
Q
1 1 1 rg
353.73079 594.33076 241.26921 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
0.45726 0.44862 0.43137 rg
351.73079 590.33076 m
597 590.33076 l
596 589.33076 l
352.73079 589.33076 l
h
f
351.73079 590.33076 m
351.73079 534.24615 l
352.73079 535.24615 l
352.73079 589.33076 l
h
f
0.94942 0.9447 0.93529 rg
597 590.33076 m
597 534.24615 l
596 535.24615 l
596 589.33076 l
h
f
351.73079 534.24615 m
597 534.24615 l
596 535.24615 l
352.73079 535.24615 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
EMC
/Artifact <>BDC
Q
1 1 1 rg
353.73079 536.24615 241.26921 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
0.45726 0.44862 0.43137 rg
15 532.24615 m
349.73079 532.24615 l
348.73079 531.24615 l
16 531.24615 l
h
f
15 532.24615 m
15 457.16154 l
16 458.16154 l
16 531.24615 l
h
f
0.94942 0.9447 0.93529 rg
349.73079 532.24615 m
349.73079 457.16154 l
348.73079 458.16154 l
348.73079 531.24615 l
h
f
15 457.16154 m
349.73079 457.16154 l
348.73079 458.16154 l
16 458.16154 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
1 1 1 rg
17 478.16154 330.73079 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
0.45726 0.44862 0.43137 rg
351.73079 532.24615 m
597 532.24615 l
596 531.24615 l
352.73079 531.24615 l
h
f
351.73079 532.24615 m
351.73079 457.16154 l
352.73079 458.16154 l
352.73079 531.24615 l
h
f
0.94942 0.9447 0.93529 rg
597 532.24615 m
597 457.16154 l
596 458.16154 l
596 531.24615 l
h
f
351.73079 457.16154 m
597 457.16154 l
596 458.16154 l
352.73079 458.16154 l
h
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
1 1 1 rg
353.73079 468.66154 241.26921 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
EMC
/Artifact <>BDC
EMC
/Artifact <>BDC
Q
13 413.66154 73.3425 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
90.3425 413.66154 4.57875 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
98.92125 413.66154 500.07875 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
13 353.36154 73.3425 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
90.3425 353.36154 4.57875 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
98.92125 353.36154 500.07875 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
13 312.06154 73.3425 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
90.3425 312.06154 4.57875 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
98.92125 279.06154 500.07875 49.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
13 237.76154 73.3425 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
90.3425 237.76154 4.57875 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
98.92125 221.26154 500.07875 33 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
EMC
/Artifact <>BDC
Q
10 182.76154 592 16.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
50 130.38882 552 33.37273 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
50 76.0161 552 35.37273 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
50 36 552 21.0161 re
f
EMC
EMC
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
BT
/TT0 1 Tf
13.75 0 0 13.75 10 735.23244 Tm
( )Tj
/TT1 1 Tf
16.15384 0 0 16.15384 64.57155 662.45113 Tm
(U.S. DEPARTMENT OF LABOR)Tj
14 0 0 14 54.98639 644.9397 Tm
(Employment and Training Administration)Tj
3.7925 -1.2 Td
(Washington, D. C. 20210)Tj
/T1_0 1 Tf
( )Tj
/TT1 1 Tf
12.92308 0 0 12.92308 353.73079 692.58325 Tm
(CLASSIFICATION)Tj
/T1_0 1 Tf
14 0 0 14 465.02432 692.58325 Tm
( )Tj
0.25098 0.50197 0.50197 rg
/T1_1 1 Tf
13.75 0 0 13.75 353.73079 657.03947 Tm
(UI/Risk Analysis )Tj
0 0 0 rg
/TT1 1 Tf
12.92308 0 0 12.92308 353.73079 634.49863 Tm
(CORRESPONDENCE SYMBOL)Tj
/T1_0 1 Tf
14 0 0 14 539.33202 634.49863 Tm
( )Tj
0.25098 0.50197 0.50197 rg
/T1_1 1 Tf
13.75 0 0 13.75 353.73079 598.95485 Tm
(TEUM)Tj
0 0 0 rg
/TT1 1 Tf
12.92308 0 0 12.92308 353.73079 576.41402 Tm
(ISSUE DATE)Tj
/T1_0 1 Tf
14 0 0 14 430.20956 576.41402 Tm
( )Tj
0.25098 0.50197 0.50197 rg
/T1_1 1 Tf
13.75 0 0 13.75 353.73079 540.87024 Tm
(October 28, 1987)Tj
0 0 0 rg
/TT1 1 Tf
12.92308 0 0 12.92308 17 518.32941 Tm
(RESCISSIONS)Tj
/T1_0 1 Tf
14 0 0 14 102.46031 518.32941 Tm
( )Tj
0.25098 0.50197 0.50197 rg
/T1_1 1 Tf
13.75 0 0 13.75 17 482.78563 Tm
( )Tj
0 0 0 rg
/TT1 1 Tf
12.92308 0 0 12.92308 353.73079 508.82941 Tm
(EXPIRATION DATE)Tj
/T1_0 1 Tf
14 0 0 14 475.42741 508.82941 Tm
( )Tj
0.25098 0.50197 0.50197 rg
/T1_1 1 Tf
13.75 0 0 13.75 353.73079 473.28563 Tm
(September 30, 1988)Tj
0 0 0 rg
/TT2 1 Tf
-24.78043 -3.96501 Td
(DIRECTIVE)Tj
5.62491 0 Td
(:)Tj
0.25098 0.50197 0.50197 rg
0.62392 0 Td
(UNEMPLOYMENT INSURANCE PROGRAM LETTER NO. 42-87, Change 1)Tj
0 0 0 rg
/T1_0 1 Tf
14 0 0 14 13 378.6371 Tm
( )Tj
/TT2 1 Tf
13.75 0 0 13.75 13 358.46669 Tm
(TO)Tj
5.62491 0 Td
(:)Tj
0.62392 0 Td
(ALL STATE EMPLOYMENT SECURITY AGENCIES)Tj
/T1_0 1 Tf
14 0 0 14 13 337.3371 Tm
( )Tj
/TT2 1 Tf
13.75 0 0 13.75 13 317.1667 Tm
(FROM)Tj
5.62491 0 Td
(:)Tj
0.62392 0 Td
(DONALD J. KULICK)Tj
0 -1.2 TD
(Administrator)Tj
T*
(for Regional Management)Tj
/T1_0 1 Tf
14 0 0 14 13 263.03709 Tm
( )Tj
/TT2 1 Tf
13.75 0 0 13.75 13 242.8667 Tm
(SUBJECT)Tj
5.62491 0 Td
(:)Tj
1 0 0 rg
0.62392 0 Td
(State Employment Security Agency \(SESA\) Internal Security Risk Analysi\
s )Tj
T*
(Technical Assistance Guide)Tj
0 0 0 rg
/TT0 1 Tf
-6.467 -2.8271 Td
( )Tj
/T1_0 1 Tf
14 0 0 14 32.5 151.99397 Tm
(1. )Tj
/TT2 1 Tf
13.75 0 0 13.75 50 151.99397 Tm
(Purpose.)Tj
/TT0 1 Tf
( To transmit reissued Section of the Risk Analysis Technical Assistance \
Guide )Tj
0 -1.22711 TD
(entitled "Final report - Vol 1: Findings, Analyses and Recommendations \(\
Document E-1\).)Tj
/T1_0 1 Tf
14 0 0 14 32.5 99.62126 Tm
(2. )Tj
/TT2 1 Tf
13.75 0 0 13.75 50 99.62126 Tm
(References.)Tj
/TT0 1 Tf
( ET Handbook No. 376; UI Risk Analysis Guidance Documents distributed to\
)Tj
T*
(SESAs in June 1982; )Tj
ET
0 0 1 RG
0.66 w 10 M 0 j 0 J []0 d
183.75999 80.76854 m
281.5775 80.76854 l
S
0 0 1 rg
BT
/TT0 1 Tf
13.75 0 0 13.75 183.75999 82.74854 Tm
(UIPL NO. 34-87)Tj
0 0 0 rg
(; and )Tj
ET
315.98 80.76854 m
410.745 80.76854 l
S
0 0 1 rg
BT
/TT0 1 Tf
13.75 0 0 13.75 315.98 82.74854 Tm
(UIPL No. 42-87)Tj
0 0 0 rg
(.)Tj
/T1_0 1 Tf
14 0 0 14 32.5 45.24854 Tm
(3. )Tj
/TT2 1 Tf
13.75 0 0 13.75 50 45.24854 Tm
(Background.)Tj
/TT0 1 Tf
( Risk Analysis Technical Assistance Documents A-F were recently )Tj
ET
EMC
/Artifact <>BDC
Q
0 0 0 rg
BT
/T1_0 1 Tf
9 0 0 9 18 7.17 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1.htm \(1 of 2\)\
3/7/2008 8:06:37 AM)Tj
ET
EMC
endstream
endobj
31 0 obj 2731
endobj
32 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 9 0 0 9 18 780.17 Tm
(State Employment Security Agency \(SESA\) Internal Security Risk Analysi\
s Technical Assistance Guide)Tj
ET
EMC
/WebCaptureBG BMC
/WebCaptureFN <>BDC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
1 1 1 rg
50 650.5 552 115.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
50 598.12727 552 33.37273 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
50 562.25456 552 16.87273 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
50 524.75456 552 18.5 re
f
EMC
q
0 18 612 756 re
W* n
/Artifact <>BDC
Q
10 489.25456 592 16.5 re
f
EMC
EMC
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
BT
/TT0 1 Tf
13.75 0 0 13.75 50 754.23244 Tm
(transmitted to all SESAs along with UIPL No. 42-87. The attached Documen\
t E-1 entitled )Tj
0 -1.2 TD
("Final Report - Vol 1: Findings, Analyses and Recommendations" was inadv\
ertently )Tj
T*
(omitted from that transmittal. The methodology contained in Risk Analysi\
s Technical )Tj
T*
(Assistance Documents A-F is intended to be used solely as a technical as\
sistance guide )Tj
T*
(at the SESA's discretion in the conduct of risk analyses. Such risk anal\
yses may be )Tj
T*
(completed as a separate review or as a part of an overall audit of agenc\
y operations, as )Tj
T*
(established in OMB Circular No. A-128.)Tj
/T1_0 1 Tf
14 0 0 14 32.5 619.73244 Tm
(4. )Tj
/TT1 1 Tf
13.75 0 0 13.75 50 619.73244 Tm
(Action Required.)Tj
/TT0 1 Tf
( SESA Administrators should ensure that the Risk Analysis technical )Tj
0 -1.22711 TD
(Assistance Guide Document E-1 is distributed to appropriate staff.)Tj
/T1_0 1 Tf
14 0 0 14 32.5 567.35971 Tm
(5. )Tj
/TT1 1 Tf
13.75 0 0 13.75 50 567.35971 Tm
(Inquiries.)Tj
/TT0 1 Tf
( Refer all questions to the appropriate Regional Office.)Tj
/T1_0 1 Tf
14 0 0 14 32.5 531.487 Tm
(6. )Tj
/TT1 1 Tf
13.75 0 0 13.75 50 531.487 Tm
(Attachment.)Tj
/TT0 1 Tf
( )Tj
ET
0 0 1 RG
0.66 w 10 M 0 j 0 J []0 d
133.27 529.507 m
583.34875 529.507 l
S
0 0 1 rg
BT
/TT0 1 Tf
13.75 0 0 13.75 133.27 531.487 Tm
(Internal Security Risk Analysis Technical Assistance Guide Document E-1)Tj
0 0 0 rg
-8.96509 -2.72726 Td
( )Tj
ET
EMC
/Artifact <>BDC
Q
0 0 0 rg
BT
/T1_0 1 Tf
9 0 0 9 18 7.17 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1.htm \(2 of 2\)\
3/7/2008 8:06:37 AM)Tj
ET
EMC
endstream
endobj
33 0 obj(State Employment Security Agency \(SESA\) Internal Security Risk Analysis Technical Assistance Guide)
endobj
34 0 obj<>
endobj
35 0 obj<>
endobj
36 0 obj<>
endobj
37 0 obj<>
endobj
38 0 obj[35 0 R]
endobj
39 0 obj(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1.htm)
endobj
40 0 obj(O!L,#VT)
endobj
41 0 obj<>
endobj
42 0 obj<>
endobj
43 0 obj(5'zI[ )
endobj
44 0 obj<>
endobj
45 0 obj<>
endobj
46 0 obj<>
endobj
47 0 obj<>
endobj
48 0 obj<>
endobj
49 0 obj<>stream
State Employment Security Agency (SESA) Internal Security Risk Analysis Technical Assistance Guide
endstream
endobj
xref
0 50
0000000004 65535 f
0000000016 00000 n
0000000143 00000 n
0000000201 00000 n
0000000000 00001 f
0000000427 00000 n
0000000447 00000 n
0000000513 00000 n
0000000613 00000 n
0000000657 00000 n
0000000704 00000 n
0000000797 00000 n
0000001025 00000 n
0000001069 00000 n
0000001093 00000 n
0000001292 00000 n
0000001323 00000 n
0000001521 00000 n
0000001726 00000 n
0000001750 00000 n
0000001954 00000 n
0000001978 00000 n
0000002068 00000 n
0000003241 00000 n
0000003409 00000 n
0000004596 00000 n
0000004778 00000 n
0000004869 00000 n
0000006046 00000 n
0000006220 00000 n
0000006242 00000 n
0000016643 00000 n
0000016664 00000 n
0000019448 00000 n
0000019566 00000 n
0000019602 00000 n
0000019698 00000 n
0000019727 00000 n
0000019836 00000 n
0000019860 00000 n
0000019939 00000 n
0000019973 00000 n
0000020091 00000 n
0000020142 00000 n
0000020176 00000 n
0000020219 00000 n
0000020260 00000 n
0000020301 00000 n
0000020385 00000 n
0000020565 00000 n
trailer
<]>>
startxref
23962
%%EOF
1 0 obj<>
endobj
2 0 obj<>
endobj
3 0 obj<>
endobj
6 0 obj<>
endobj
7 0 obj<>
endobj
8 0 obj<><>]>>
endobj
9 0 obj<>
endobj
11 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 0>>
endobj
12 0 obj<>
endobj
17 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 1>>
endobj
19 0 obj<>/Subtype/Link/A<>/PA<>>>
endobj
38 0 obj[35 0 R 718 0 R]
endobj
44 0 obj<>
endobj
45 0 obj<>
endobj
46 0 obj<>
endobj
47 0 obj<>
endobj
48 0 obj<>
endobj
50 0 obj null
endobj
51 0 obj<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>]/C/SpdrArt/P 9 0 R/S/Article/Pg 52 0 R>>
endobj
52 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 2>>
endobj
53 0 obj[51 0 R]
endobj
54 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 3>>
endobj
55 0 obj[51 0 R]
endobj
56 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 4>>
endobj
57 0 obj[51 0 R]
endobj
58 0 obj<>/Subtype/Link/A<>/PA<>>>
endobj
59 0 obj[58 0 R 60 0 R]
endobj
60 0 obj<>/Subtype/Link/A<>/PA<>>>
endobj
61 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 5>>
endobj
62 0 obj[51 0 R]
endobj
63 0 obj<>/Subtype/Link/A<>/PA<>>>
endobj
64 0 obj[63 0 R]
endobj
65 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 6>>
endobj
66 0 obj[51 0 R]
endobj
67 0 obj<>
endobj
68 0 obj[65 0 R/XYZ 0 423.967224 null]
endobj
69 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 7>>
endobj
70 0 obj[51 0 R]
endobj
71 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 8>>
endobj
72 0 obj[51 0 R]
endobj
73 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 9>>
endobj
74 0 obj[51 0 R]
endobj
75 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 10>>
endobj
76 0 obj<>
endobj
77 0 obj<>
endobj
78 0 obj[51 0 R]
endobj
79 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 11>>
endobj
80 0 obj[51 0 R]
endobj
81 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 12>>
endobj
82 0 obj<>
endobj
83 0 obj<>
endobj
84 0 obj<>
endobj
85 0 obj 2249
endobj
86 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 737.68518 Tm
( )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
12.00505 0 0 12.00505 199.93544 689.53563 Tm
(\(Attachment to UIPL 42-87, change 1\))Tj
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 656.76546 Tm
( )Tj
T*
( )Tj
/T1_2 1 Tf
0.21429 -1.41429 Td
(DOCUMENT E- 1)Tj
/T1_0 1 Tf
-0.21429 -1.41428 Td
( )Tj
/T1_2 1 Tf
0.21429 -1.41429 Td
(RISK)Tj
T*
(ANALYSIS)Tj
T*
(TECHNICAL)Tj
T*
(ASSISTANCE)Tj
T*
(GUIDE)Tj
ET
0.5 0.5 0.5 rg
9.28961 508.03111 m
9.28961 509.88902 l
602.71039 509.88902 l
601.78143 508.96007 l
10.21857 508.96007 l
10.21857 508.96007 l
h
f
0.875 0.875 0.875 rg
602.71039 509.88902 m
602.71039 508.03111 l
9.28961 508.03111 l
10.21857 508.96007 l
601.78143 508.96007 l
601.78143 508.96007 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 490.29552 Tm
( )Tj
T*
( )Tj
/T1_1 1 Tf
19.1198 -2.56966 Td
(FINAL REPORT )Tj
4.05164 -1.2 Td
( )Tj
-13.21915 -1.2 Td
(COMPUTER SECURITY REVIEW AND RISK ANALYSIS )Tj
13.21915 -1.2 Td
( )Tj
-13.44064 -1.2 Td
(UNEMPLOYMENT INSURANCE BUREAU OPERATIONS )Tj
13.44064 -1.2 Td
( )Tj
-14.21915 -1.2 Td
(VOL 1: FINDINGS, ANALYSES AND RECOMMENDATIONS )Tj
14.21915 -1.2 Td
( )Tj
12.00505 0 0 12.00505 269.97887 299.64323 Tm
(presented to )Tj
3.38741 -1.2 Td
( )Tj
-11.16589 -1.2 Td
(STATE OFFICE OF EMPLOYMENT SECURITY )Tj
6.41701 -1.2 Td
(123 MAIN STREET )Tj
-2.63901 -1.2 Td
(CAPITALTOWN STATE 12345)Tj
/T1_0 1 Tf
13.00546 0 0 13.00546 310.64481 209.24886 Tm
( )Tj
T*
( )Tj
/T1_2 1 Tf
-11.44286 -1.41429 Td
(prepared by)Tj
T*
(EDP AUDIT CONTROLS, INC.)Tj
T*
( )Tj
/T1_0 1 Tf
14.68571 2.39999 Td
( )Tj
/T1_2 1 Tf
0.88571 0 Td
(March 1983)Tj
T*
(Reissued)Tj
T*
(August 1987)Tj
ET
0.5 0.5 0.5 rg
9.28961 128.5145 m
9.28961 130.37242 l
602.71039 130.37242 l
601.78143 129.44347 l
10.21857 129.44347 l
10.21857 129.44345 l
h
f
0.875 0.875 0.875 rg
602.71039 130.37242 m
602.71039 128.5145 l
9.28961 128.5145 l
10.21857 129.44345 l
601.78143 129.44345 l
601.78143 129.44347 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 310.64481 93.12865 Tm
( )Tj
T*
( )Tj
/T1_1 1 Tf
-3.46814 -2.56966 Td
(DISCLAIMER)Tj
ET
EMC
Q
endstream
endobj
87 0 obj[51 0 R]
endobj
88 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 13>>
endobj
89 0 obj 2694
endobj
90 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 310.64481 742.85542 Tm
( )Tj
0 -1.2 TD
( )Tj
-19.85715 -1.2 Td
(THIS COMPUTER SECURITY REVIEW AND RISK ANALYSIS HAS BEEN COMPOSED )Tj
1.2 -1.2 Td
(FOR EDUCATIONAL PURPOSES ONLY. AS AN INSTRUCTIONAL DOCUMENT. )Tj
-1.2 -1.2 Td
(THIS ARTIFICIAL RISK ANALYSIS PRODUCT DOES NOT IN ANY WAY REFLECT )Tj
T*
(THE PRACTICES OR PROCEDURES FOLLOWED BY ANY ACTUAL EXISTING STATE )Tj
14.10001 -1.2 Td
(EMPLOYMENT AGENCY.)Tj
ET
0.5 0.5 0.5 rg
9.28961 636.48172 m
9.28961 638.33965 l
602.71039 638.33965 l
601.78143 637.41069 l
10.21857 637.41069 l
10.21857 637.41068 l
h
f
0.875 0.875 0.875 rg
602.71039 638.33965 m
602.71039 636.48172 l
9.28961 636.48172 l
10.21857 637.41068 l
601.78143 637.41068 l
601.78143 637.41069 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 618.74612 Tm
( )Tj
T*
( )Tj
/T1_1 1 Tf
0 -2.56966 TD
(EXECUTIVE SUMMARY)Tj
/T1_0 1 Tf
0 -2.54463 TD
( )Tj
0 -1.2 TD
(This document is Volume 1 of a two-volume report which details the )Tj
T*
(results of a risk analysis of the EDP-related aspects of the )Tj
T*
(Unemployment Insurance Bureau claims processing operations at the )Tj
T*
(State Office of Employment Security \(SOES\). This volume contains )Tj
T*
(all findings, analyses and recommendations. )Tj
T*
( )Tj
T*
(Chapter 1 of the report summarizes the major findings and )Tj
T*
(recommendations. )Tj
T*
( )Tj
T*
(Chapter 2 discusses in detail environmental and general risks )Tj
T*
(faced equally by all elements of SOES. )Tj
T*
( )Tj
T*
(Chapter 3 discusses risks due to specific problems with the )Tj
T*
(policies, practices, procedures and organizational structure of )Tj
T*
(the SOES Unemployment Insurance Bureau operation. )Tj
T*
( )Tj
T*
(Volume 2 contains all risk analysis worksheets and descriptions of )Tj
T*
(the methodologies employed. )Tj
T*
( )Tj
T*
(During our security review and risk analysis of the Office of )Tj
T*
(Employment Security's Unemployment Insurance Bureau Operations we )Tj
T*
(observed the following major strengths:)Tj
0.45714 -2.55714 Td
(1. )Tj
(SOES management is highly skilled in handling crises. This )Tj
2.39999 -1.2 Td
(was clearly demonstrated during the 1982-1983 union strike. In )Tj
T*
(our judgment, SOES's overall position after the difficulties was )Tj
T*
(stronger than before. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(2. )Tj
(SOES is moving towards the establishment of one of the most )Tj
2.39999 -1.2 Td
(disaster-resistant claims processing setups that EDP/AC has ever )Tj
T*
(observed. This will be achieved when each of the Unemployment )Tj
ET
EMC
Q
endstream
endobj
91 0 obj[51 0 R]
endobj
92 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 14>>
endobj
93 0 obj<>
endobj
94 0 obj 2885
endobj
95 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 46.44809 755.33545 Tm
(Insurance Bureau field offices carries out all aspects of claims )Tj
0 -1.2 TD
(processing.)Tj
-2.85715 -2.55714 Td
( )Tj
T*
( )Tj
T*
(We also observed the following major weaknesses:)Tj
0.45714 -2.55714 Td
(1. )Tj
(There is a lack of effective separation between software )Tj
2.39999 -1.2 Td
(support activities and Unemployment Insurance Bureau production )Tj
T*
(operations. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(2. )Tj
(The Threeville field office is deficient in physical access )Tj
2.39999 -1.2 Td
(controls and is located in an area susceptible to floods and )Tj
T*
(earthquakes. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(3. )Tj
(Headquarters offices are located in an earthquake-prone area. )Tj
2.39999 -1.2 Td
(An effective disaster recovery plan is needed. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(4. )Tj
(Technical \(hardware and software\) security controls over the )Tj
2.39999 -1.2 Td
(Comprehensive Unemployment Insurance System \(CUIS\) and )Tj
T*
(Unemployment Insurance Bureau data files are )Tj
T*
(inadequate.)Tj
ET
0.5 0.5 0.5 rg
9.28961 393.12569 m
9.28961 394.98361 l
602.71039 394.98361 l
601.78143 394.05466 l
10.21857 394.05466 l
10.21857 394.05464 l
h
f
0.875 0.875 0.875 rg
602.71039 394.98361 m
602.71039 393.12569 l
9.28961 393.12569 l
10.21857 394.05464 l
601.78143 394.05464 l
601.78143 394.05466 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 375.39009 Tm
( )Tj
T*
( )Tj
/T1_1 1 Tf
17.42529 -2.56966 Td
(TABLE OF CONTENTS)Tj
/T1_0 1 Tf
-17.42529 -2.54463 Td
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Section)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
0 0 1 RG
0.39796 w 10 M 0 j 0 J []0 d
9.28961 229.64975 m
305.81421 229.64975 l
S
0 0 1 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 230.84364 Tm
(CHAPTER 1 FINDINGS AND RECOMMENDATIONS)Tj
0 0 0 rg
( )Tj
0 -1.34286 TD
( 1.1 INTRODUCTION )Tj
0 -1.2 TD
( 1.2 SUMMARY OF FINDINGS AND RECOMMENDATIONS )Tj
T*
( 1.3 SUMMARY OF ALES, SAFEGUARD COSTS AND SAVINGS )Tj
T*
( )Tj
ET
9.28961 149.75903 m
196.56831 149.75903 l
S
0 0 1 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 150.95294 Tm
(CHAPTER 2 GENERAL ISSUES)Tj
0 0 0 rg
0 -1.34286 TD
( 2.1 FIRE )Tj
0 -1.2 TD
( 2.2 FLOODS AND OTHER WATER DAMAGE )Tj
T*
( 2.3 EARTHQUAKES )Tj
T*
( 2.4 TORNADOES )Tj
T*
( 2.5 POWER OUTAGES )Tj
T*
( 2.6 A/C OR HEATING FAILURE )Tj
T*
( 2.7 THEFT/ROBBERY/UNAUTHORIZED ACCESS )Tj
ET
EMC
Q
endstream
endobj
96 0 obj[51 0 R]
endobj
97 0 obj[92 0 R/XYZ 0 58.896179 null]
endobj
98 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 15>>
endobj
99 0 obj<>
endobj
100 0 obj 3513
endobj
101 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
ET
0 0 1 RG
0.39796 w 10 M 0 j 0 J []0 d
9.28961 738.53499 m
204.37158 738.53499 l
S
0 0 1 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 739.7289 Tm
(CHAPTER 3 SPECIFIC ISSUES)Tj
0 0 0 rg
( )Tj
0 -1.34286 TD
( 3.1 INTRODUCTION )Tj
0 -1.2 TD
( 3.2 SOES, UNEMPLOYMENT INSURANCE BUREAU )Tj
T*
( 3.2.1 UNEMPLOYMENT INSURANCE BUREAU CLAIMS OPERATIONS )Tj
T*
( 3.2.1.1 FOURVILLE FIELD OFFICE )Tj
T*
( 3.2.1.1.1 EMPLOYER'S CHARGE )Tj
T*
( 3.2.1.1.2 ADJUSTMENTS AND OVERPAYMENTS )Tj
T*
( 3.2.1.1.3 ADJUDICATIONS )Tj
T*
( 3.2.1.1.4 CLERICAL SUPPORT )Tj
T*
( 3.2.1.1.5 AUDITING/TRAINING )Tj
T*
( 3.2.1.1.6 TSI SUPPORT )Tj
T*
( 3.2.1.1.7 PERSONNEL )Tj
T*
( 3.2.1.2 TWOVILLE FILED OFFICE )Tj
T*
( 3.2.1.2.1 DATA ENTRY )Tj
T*
( 3.2.1.2.2 CORRESPONDENCE )Tj
T*
( 3.2.1.2.3 CASH DISPOSITION )Tj
T*
( 3.2.1.2.4 TELEPHONES )Tj
T*
( 3.2.1.2.5 AUDITING/TRAINING )Tj
T*
( 3.2.1.2.6 TSI SUPPORT )Tj
T*
( 3.2.1.2.7 PERSONNEL )Tj
T*
( 3.2.1.3 THREEVILLE FIELD OFFICE )Tj
T*
( 3.2.1.3.1 DATA ENTRY )Tj
T*
( 3.2.1.3.2 CORRESPONDENCE )Tj
T*
( 3.2.1.3.3 AUDITING AND TRAINING )Tj
T*
( 3.2.1.3.4 TURNKEY SYSTEMS INC. \(TSI\) SUPPORT )Tj
T*
( 3.2.1.3.5 PERSONNEL )Tj
T*
( 3.2.2 UNEMPLOYMENT INSURANCE BUREAU MANAGEMENT SERVICES )Tj
T*
( 3.2.3 LIAISON AND EMPLOYER AUDIT AND REVIEW )Tj
T*
( 3.2.3.1 EMPLOYER AUDIT AND REVIEW )Tj
T*
( 3.2.3.1.1 INITIAL EMPLOYER REVIEW UNIT )Tj
T*
( 3.2.3.1.2 EMPLOYER AUDIT UNIT )Tj
T*
( 3.2.3.1.3 PROGRAM INTEGRITY )Tj
T*
( 3.2.2.1 LIAISON )Tj
T*
( 3.2.3.2.1 LIAISON )Tj
T*
( 3.2.3.2.2 FAIR HEARINGS )Tj
T*
( 3.2.4 EMPLOYER TAX RECORDS )Tj
T*
( 3.3 TURNKEY SYSTEMS INCE, SOFTWARE SUPPORT \(headquarters\) )Tj
T*
( 3.3.1 FE TEAM )Tj
T*
( 3.3.2 B TEAM )Tj
T*
( 3.3.3 SYSTEM SUPPORT )Tj
T*
( 3.4 TURNKEY SYSTEMS INCE. MAIN DATA CENTER )Tj
T*
( 3.4.1 MAIN DATA CENTER SECURITY )Tj
0 -1.20001 TD
( 3.4.2 SYSTEMS SOFTWARE )Tj
0 -1.2 TD
( 3.4.3 ONLINE APPLICATIONS )Tj
0 -1.2 TD
( 3.4.4 TECH SUPPORT/RTI DIVISION )Tj
ET
EMC
Q
endstream
endobj
102 0 obj[51 0 R]
endobj
103 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 16>>
endobj
104 0 obj 2432
endobj
105 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( 3.4.5 DATA MANAGEMENT DIVISION )Tj
0 -1.2 TD
( 3.4.5.1 TAPE LIBRARY )Tj
T*
( 3.4.5.2 MINI COMPUTER GROUP )Tj
T*
( 3.4.6 ONLINE/RJE DIVISION )Tj
T*
( 3.4.7 OUTPUT CONTROL DIVISION )Tj
T*
( 3.5 ACCOUNTING SERVICES )Tj
T*
( 3.5.1 PROGRAMS ACCOUNTING )Tj
T*
( 3.6 LEGAL AFFAIRS )Tj
T*
( 3.7 CONSUMER AFFAIRS )Tj
T*
( 3.8 GENERAL AUDIT )Tj
T*
( 3.9 PLANS AND RESEARCH )Tj
T*
( 3.10 PERSONNEL ADMINISTRATION )Tj
T*
( 3.10.1 COMPENSATION AND BENEFITS )Tj
T*
( 3.10.2 EMPLOYEE/LABOR RELATIONS )Tj
T*
( 3.10.3 EMPLOYEE SELECTION/DEVELOPMENT )Tj
T*
( 3.11 GENERAL SERVICES )Tj
T*
( 3.11.1 FACILITIES )Tj
T*
( 3.11.2 MAIL AND DISTRIBUTION )Tj
T*
( 3.11.3 MATERIEL SERVICES)Tj
ET
0.5 0.5 0.5 rg
9.28961 461.68306 m
9.28961 463.54099 l
602.71039 463.54099 l
601.78143 462.61203 l
10.21857 462.61203 l
10.21857 462.61201 l
h
f
0.875 0.875 0.875 rg
602.71039 463.54099 m
602.71039 461.68306 l
9.28961 461.68306 l
10.21857 462.61201 l
601.78143 462.61201 l
601.78143 462.61203 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 443.94748 Tm
( )Tj
/T1_1 1 Tf
19.98079 -3.76965 Td
(CHAPTER 1)Tj
-6.1385 -2.39999 Td
(FINDINGS AND RECOMMENDATIONS)Tj
/T1_0 1 Tf
-13.84229 -2.54463 Td
( )Tj
/T1_2 1 Tf
0 -2.39999 TD
(1.1. INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(This chapter contains a summary of all findings and )Tj
T*
(recommendations resulting from the risk analysis. The finding )Tj
T*
(number is the key to the to the section of the report in which the \
)Tj
T*
(finding is discussed and the risk analysis calculations are )Tj
T*
(explained. The finding number is equal to the section number )Tj
T*
(followed by a dash followed by the ordinal number of the finding )Tj
T*
(within the section. For example, Finding 3.9.2.4-3 would be the )Tj
T*
(third finding in Chapter 3, section 3.9.2.4. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(1.2 SUMMARY OF FINDINGS AND RECOMMENDATIONS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(Finding 2.2-1:)Tj
/T1_0 1 Tf
( The Threeville Field Office is )Tj
T*
(subject to flooding. )Tj
/T1_3 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Prepare a formal contingency plan for )Tj
T*
(the field office. )Tj
ET
EMC
Q
endstream
endobj
106 0 obj[51 0 R]
endobj
107 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 17>>
endobj
108 0 obj 3012
endobj
109 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(Finding 2.3-1:)Tj
/T1_0 1 Tf
( The risk of earthquake damage to )Tj
T*
(the State Office of Employment Security Oneville facilities and )Tj
T*
(their contents should be accounted for in a contingency plan. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Prepare a detailed contingency plan for )Tj
T*
(SOES's Oneville facilities. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 2.3-2:)Tj
/T1_0 1 Tf
( The Threeville field office )Tj
T*
(building could collapse during an earthquake. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Prepare a contingency plan for the )Tj
T*
(Threeville Field Office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 2.7-1:)Tj
/T1_0 1 Tf
( Headquarters offices are )Tj
T*
(susceptible to unauthorized access. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Monitor the performance of the guard )Tj
T*
(force and demand compliance with established procedures. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 2.7-2:)Tj
/T1_0 1 Tf
( The wearing of badges at 456 Main )Tj
T*
(Street is not enforced. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Enforce the wearing of badges at 456 )Tj
T*
(Main street. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 2.7-3:)Tj
/T1_0 1 Tf
( The State Supply warehouse is )Tj
T*
(susceptible to unauthorized access. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( N/A. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 2.7-4:)Tj
/T1_0 1 Tf
( The Threeville Field Office is )Tj
T*
(susceptible to unauthorized access. )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Repair the gap in the rear exit door. )Tj
0 -1.2 TD
(Replace the photoelectric beam detectors with motion detectors. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(Finding 2.7-5:)Tj
/T1_0 1 Tf
( The custodial services at the )Tj
0 -1.2 TD
(field offices perform their duties after hours and are not )Tj
T*
(supervised by SOES personnel. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Have the custodial services perform )Tj
T*
(their duties during normal business hours. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.1-1:)Tj
/T1_0 1 Tf
( The Wage Record file is )Tj
T*
(unprotected. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Provide secure storage for the Wage )Tj
T*
(Record file at the Fourville field office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.1-2:)Tj
/T1_0 1 Tf
( The outside entrance to the )Tj
T*
(Fourville field office is unmonitored during the early morning and \
)Tj
T*
(late afternoon hours. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Ensure that the reception area is )Tj
T*
(staffed at all times when the main entrance door is unlocked. )Tj
ET
EMC
Q
endstream
endobj
110 0 obj[51 0 R]
endobj
111 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 18>>
endobj
112 0 obj 2940
endobj
113 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(Alternatively, install a bell or other signaling device which will \
)Tj
0 -1.2 TD
(sound when the door is opened from the outside. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.1.2-1:)Tj
/T1_0 1 Tf
( It is possible for a )Tj
T*
(processor in the Adjustments and Overpayments Section to )Tj
T*
(reactivated and pay a denied claim or to make an adjustment to a )Tj
T*
(claim in a fraudulent manner. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Apply separation of duties between )Tj
T*
(adjustment and overpayment processing and other aspects of claims )Tj
T*
(processing. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2-1:)Tj
/T1_0 1 Tf
( The Wage Record file is )Tj
T*
(unprotected. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Provide secure storage for the Wage )Tj
T*
(Record file at the Twoville field office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2-2:)Tj
/T1_0 1 Tf
( Outside doors to the Twoville )Tj
T*
(field office \(other than the main entrance\) are unalarmend during \
)Tj
T*
(business hours. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Install deadbolt locks on all but the )Tj
T*
(main entrance door. issue keys to those who must use the doors in \
)Tj
T*
(the conduct of their official duties. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2-3:)Tj
/T1_0 1 Tf
( Dry chemical fire )Tj
T*
(extinguishers are provided for work areas in which CRT terminals )Tj
T*
(are located. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Replace the dry chemical extinguishers )Tj
T*
(with halon extinguishers. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2-4:)Tj
/T1_0 1 Tf
( Documents describing )Tj
T*
(restricted access software are not given special protection in the )Tj
T*
(Twoville field office. )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Access to restricted software should be )Tj
0 -1.2 TD
(controlled through passwords or user security profiles, not )Tj
0 -1.2 TD
(through the secrecy of operating procedures. In the present )Tj
0 -1.20001 TD
(situation, the restricted documents should be stored in locked )Tj
0 -1.2 TD
(desks or cabinets. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2.2-1:)Tj
/T1_0 1 Tf
( Correspondence processors )Tj
T*
(can divert claim payments from their intended recipients in a )Tj
T*
(variety of ways. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Determine patterns of claims processing )Tj
T*
(transactions which would be carried out when fraud was being )Tj
T*
(attempted. Flag for special review all claims to which these )Tj
T*
(patterns apply. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
114 0 obj[51 0 R]
endobj
115 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 19>>
endobj
116 0 obj 3242
endobj
117 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Finding 3.2.1.2.3-1:)Tj
/T1_1 1 Tf
( Passwords controlling )Tj
0 -1.2 TD
(access to CUIS Cash Disposition functions are not changed when )Tj
T*
(employees who know them terminate their employment. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( All access control keys \(both logical )Tj
T*
(and physical\) should be returned to SOES or rendered unusable upon \
)Tj
T*
(the termination of employees who possess them. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.2.1.2.3-2:)Tj
/T1_1 1 Tf
( Passwords controlling )Tj
T*
(access to CUIS Cash Disposition functions are sometimes written )Tj
T*
(down by the clerks entrusted with them. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Establish and enforce a policy that )Tj
T*
(passwords are not to be written down. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.2.1.2.3-3:)Tj
/T1_1 1 Tf
( There is no effective )Tj
T*
(control over mail which may be addressed to specific field office )Tj
T*
(employees and which may contain checks made out to those )Tj
T*
(employees. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Require that mail addressed to )Tj
T*
(individual employees be opened by mailroom personnel or in the )Tj
T*
(presence of a second party. Require also that employees not )Tj
T*
(intentionally direct personal mail to the SOES address. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.2.1.2.4-1:)Tj
/T1_1 1 Tf
( Address changes are )Tj
T*
(accepted for Unemployment Insurance Bureau claimants over the )Tj
T*
(telephone. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Use personal information to validate the )Tj
T*
(caller's identity. Send notification of the address change to the \
)Tj
T*
(old address. )Tj
0 -1.20001 TD
( )Tj
/T1_0 1 Tf
0 -1.2 TD
(Finding 3.2.1.2.5-1:)Tj
/T1_1 1 Tf
( Auditors in the Twoville )Tj
0 -1.2 TD
(field office report to the heads of the units they audit. )Tj
/T1_0 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( The auditors should report directly to )Tj
0 -1.2 TD
(the field office manager. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.2.1.3-1:)Tj
/T1_1 1 Tf
( The main entrance of the )Tj
T*
(Threeville field office is not monitored during the early morning )Tj
T*
(and late afternoon. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Ensure that the reception area is )Tj
T*
(staffed at all times when the main entrance door is unlocked. )Tj
T*
(Alternatively, install a bell or other signaling device which will \
)Tj
T*
(sound when the door is opened from the outside. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.2.1.3-2:)Tj
/T1_1 1 Tf
( Documents describing )Tj
T*
(restricted access software are not given special protection at the \
)Tj
T*
(Threeville field office. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Access to restricted software should be )Tj
T*
(controlled through passwords or user security profiles, not )Tj
ET
EMC
Q
endstream
endobj
118 0 obj[51 0 R]
endobj
119 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 20>>
endobj
120 0 obj<>
endobj
121 0 obj 3073
endobj
122 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(through the secrecy of operating procedures. In the present )Tj
0 -1.2 TD
(situation, the restricted documents should be stored in locked )Tj
T*
(desks or cabinets. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.3.3-1:)Tj
/T1_0 1 Tf
( The Correspondence Unit )Tj
T*
(auditor reports directly to the head of the Correspondence Unit at \
)Tj
T*
(the Threeville field office. The data entry auditors report to )Tj
T*
(the General Supervisor of the data entry units. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( All auditors should report directly to )Tj
T*
(the field office manager. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.3.3-2:)Tj
/T1_0 1 Tf
( The Training/Auditing )Tj
T*
(supervisor must relinquish most auditing responsibilities to the )Tj
T*
(General Supervisor when training classes are in session. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Assign the audit responsibility to a )Tj
T*
(single person reporting directly to the field office manager. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.3.4-1:)Tj
/T1_0 1 Tf
( The backup A/C unit for the )Tj
T*
(Threeville Data Center is not periodically tested. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Test the backup A/C unit on a regular )Tj
T*
(basis. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.3.4-2:)Tj
/T1_0 1 Tf
( Visitor access records are )Tj
T*
(not kept at the Threeville Data Center. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Keep records of visitor access to the )Tj
T*
(Threeville Data Center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.3.4-3:)Tj
/T1_0 1 Tf
( There are no underfloor )Tj
T*
(water detectors at the Threeville Data Center. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Install underfloor water detectors at )Tj
T*
(the Threeville Data Center. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(Finding 3.2.3.1.2-1:)Tj
/T1_0 1 Tf
( It would be possible for a )Tj
0 -1.2 TD
(reviewer to form a conspiracy for purposes of fraud with an )Tj
0 -1.2 TD
(employer for whom he's responsible. )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Provide more than one possible processor )Tj
0 -1.2 TD
(for each aspect of claims processing. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.4-1:)Tj
/T1_0 1 Tf
( There is no effective control )Tj
T*
(to ensure that employers who cease doing business or who leave the \
)Tj
T*
(area are purged from the Master Employer File. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Investigate ways to improve the accuracy )Tj
T*
(and currency of the Master Employer File. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.4-2:)Tj
/T1_0 1 Tf
( Although signatures are )Tj
T*
(required on documents requesting Master Employer File updates, the \
)Tj
ET
EMC
Q
endstream
endobj
123 0 obj[51 0 R]
endobj
124 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 21>>
endobj
125 0 obj 2999
endobj
126 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(signatures are not verified. )Tj
/T1_1 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Verify signatures on Master Employer )Tj
T*
(File update requests. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.3-1:)Tj
/T1_0 1 Tf
( There is no effective separation )Tj
T*
(between CUIS development, testing and maintenance activities and )Tj
T*
(production operations. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Provide for the effective separation of )Tj
T*
(the development, maintenance and testing of application systems )Tj
T*
(and the production operation of those systems. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.3-2:)Tj
/T1_0 1 Tf
( It is possible for a single )Tj
T*
(person to carry out all steps necessary to insert a software )Tj
T*
(modification into the production CUIS system without independent )Tj
T*
(review. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Ensure that all changes, additions and )Tj
T*
(deletions to production CUIS software are reviewed by at least one \
)Tj
T*
(analyst not involved in their preparation. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.3-3:)Tj
/T1_0 1 Tf
( Journalization of CUIS )Tj
T*
(transactions is incomplete. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Provide for complete journalization of )Tj
T*
(CUIS transactions. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.3-4:)Tj
/T1_0 1 Tf
( Restricted CUIS subsystems are )Tj
T*
(protected by secret clerk numbers coded into the software. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Use the ACF2 Security Software to )Tj
T*
(protect restricted CUIS modules where possible. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(Finding 3.3-5:)Tj
/T1_0 1 Tf
( The CUIS Software Support Group )Tj
0 -1.2 TD
(does not enforce periodic changes of passwords and permits the )Tj
0 -1.20001 TD
(selection of passwords with mnemonic value. )Tj
/T1_1 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Enforce periodic changes of passwords. )Tj
T*
(Do not allow the use of passwords with mnemonic value \(other than \
)Tj
T*
(perhaps pronounceability\). )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.3-6:)Tj
/T1_0 1 Tf
( CUIS is not supported to the )Tj
T*
(fullest extent possible by ACF2. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Use ACF2 to serve all the security needs )Tj
T*
(of online CUIS subsystems. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.1-1:)Tj
/T1_0 1 Tf
( CO2 is in use in the data )Tj
T*
(center as a fire suppressant. It is potentially harmful to )Tj
T*
(personnel. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( Provide full flood halon protection for )Tj
T*
(the entire data center. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
127 0 obj[51 0 R]
endobj
128 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 22>>
endobj
129 0 obj 3056
endobj
130 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(Finding 3.4.1-2:)Tj
/T1_1 1 Tf
( There is no visitor sign-in )Tj
0 -1.2 TD
(policy at the data center. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Implement a visitor sign-in policy for )Tj
T*
(the data center. Validate tape sign-out requests. Modify the )Tj
T*
(badge token authorizing data center access. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.1-3:)Tj
/T1_1 1 Tf
( The blue ID badge stripe which )Tj
T*
(authorizes data center access can be easily forged. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( In place of the blue stripe, use a )Tj
T*
(difficult to duplicate marking such as an engraved design and )Tj
T*
(attach it to the ID badge under the lamination. It then becomes )Tj
T*
(impossible to add or remove this credential once a badge has been )Tj
T*
(completely assembled, and the counterfeiting process is much more )Tj
T*
(difficult than before. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.1-4:)Tj
/T1_1 1 Tf
( Fire protection by CO2 is )Tj
T*
(provided only for the underfloor areas of the data center. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Install a full-flood halon system in the )Tj
T*
(data center. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.1-5:)Tj
/T1_1 1 Tf
( The key to the storage area )Tj
T*
(containing blank Unemployment Insurance Bureau benefit checks is )Tj
T*
(kept on a hook near the computer console operator. The access )Tj
T*
(list for the key contains 30 names. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Pare down the access list for the key to )Tj
T*
(the Unemployment Insurance Bureau blank check storage area. )Tj
T*
(Maintain all copies of the key in protected or continuously )Tj
T*
(monitored storage locations. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.1-6:)Tj
/T1_1 1 Tf
( There are no alarms and only )Tj
T*
(hand-held fire extinguishers in the supply area adjacent to the )Tj
T*
(main computer room. )Tj
/T1_0 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Upgrade the fire detection and )Tj
0 -1.2 TD
(suppression equipment in the data center supply storage area. )Tj
0 -1.2 TD
( )Tj
/T1_0 1 Tf
0 -1.20001 TD
(Finding 3.4.1-7:)Tj
/T1_1 1 Tf
( There is no smoke exhaust )Tj
0 -1.2 TD
(capability in the data center. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Formalize the use of portable fans for )Tj
T*
(exhausting smoke. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.2-1:)Tj
/T1_1 1 Tf
( There is no provision for the )Tj
T*
(real-time on-line reporting of incorrect password usage attempts )Tj
T*
(to a security officer. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide for the online reporting of )Tj
T*
(incorrect password entry attempts. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
131 0 obj[51 0 R]
endobj
132 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 23>>
endobj
133 0 obj 3353
endobj
134 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Finding 3.4.4-1:)Tj
/T1_1 1 Tf
( The data center has no policy )Tj
0 -1.2 TD
(requiring periodic changes to passwords. Users are allowed to )Tj
T*
(specify their own passwords. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( The data center should require the use )Tj
T*
(of randomly generated passwords which are changed at least once a )Tj
T*
(year. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.5.1-1:)Tj
/T1_1 1 Tf
( No authorization checks are )Tj
T*
(made when tapes are signed out from the tape library. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Release tapes only to their owners or to )Tj
T*
(persons authorized in writing by the owners. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.5.1-2:)Tj
/T1_1 1 Tf
( Non-production tapes are )Tj
T*
(scratched automatically when the retention date is reached. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Consult tape owners prior to scratching )Tj
T*
(tapes whose retention dates have passed. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.4.5.1-3:)Tj
/T1_1 1 Tf
( Tapes are not degaussed after )Tj
T*
(scratching and prior to reuse. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Degauss all scratch tapes prior to )Tj
T*
(reissue. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.5.1-1:)Tj
/T1_1 1 Tf
( Secure areas used by the )Tj
T*
(Accounting Department have walls which do not extend to the true )Tj
T*
(ceiling. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Extend the walls of all secure storage )Tj
T*
(areas to meet the true ceiling. )Tj
T*
( )Tj
/T1_0 1 Tf
0 -1.20001 TD
(Finding 3.5.1-2:)Tj
/T1_1 1 Tf
( Benefit checks returned to SOES )Tj
0 -1.2 TD
(are not batched and present an easy target for abuse. )Tj
/T1_0 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Batch returned checks in the mailroom )Tj
0 -1.20001 TD
(prior to sending them to Cash Receiving. Then destroy the checks )Tj
0 -1.2 TD
(after generating the necessary accounting records. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.8-1:)Tj
/T1_1 1 Tf
( When an audit is to be conducted, )Tj
T*
(advance notice is given to the affected department. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( As a matter of policy, give no notice of )Tj
T*
(impending audit activity to the affected departments. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(Finding 3.11.2-1:)Tj
/T1_1 1 Tf
( The storeroom used by the Mail )Tj
T*
(and Distribution Department has walls which do not extend to the )Tj
T*
(true ceiling as well as unalarmed exterior windows. )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Extend the walls of all secure storage )Tj
T*
(areas to meet the true ceiling. )Tj
T*
( )Tj
ET
0.5 0.5 0.5 rg
9.28961 55.91257 m
9.28961 57.77049 l
602.71039 57.77049 l
601.78143 56.84154 l
10.21857 56.84154 l
10.21857 56.84152 l
h
f
0.875 0.875 0.875 rg
602.71039 57.77049 m
602.71039 55.91257 l
9.28961 55.91257 l
10.21857 56.84152 l
601.78143 56.84152 l
601.78143 56.84154 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 38.17699 Tm
( )Tj
ET
EMC
Q
endstream
endobj
135 0 obj[51 0 R]
endobj
136 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 24>>
endobj
137 0 obj 5760
endobj
138 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 754.41742 Tm
( )Tj
/T1_1 1 Tf
8.03479 -2.56966 Td
(1.3 SUMMARY OF ALES, SAFEGUARD COSTS AND SAVINGS)Tj
/T1_2 1 Tf
-7.8205 -5.75891 Td
(Finding )Tj
0.60001 -1.2 Td
(Number)Tj
5.08571 1.2 Td
(Subject Area )Tj
0.89999 -1.2 Td
(of Finding)Tj
8.68571 4.2 Td
(ALE )Tj
-0.60001 -1.2 Td
(Times )Tj
0.3 -1.2 Td
(3.79 )Tj
-0.60001 -1.2 Td
(Equals )Tj
0.60001 -1.2 Td
(5-yr )Tj
0 -1.2 TD
(Loss )Tj
-0.60001 -1.2 Td
(Now \($\))Tj
4.4857 5.39999 Td
(Minus )Tj
T*
(New 5-)Tj
0.89999 -1.2 Td
(yr )Tj
-0.3 -1.2 Td
(Loss)Tj
4.18571 3.60001 Td
(Equals )Tj
-0.89999 -1.2 Td
(Reduction )Tj
0.60001 -1.2 Td
(in 5-yr )Tj
T*
(Loss \($\))Tj
5.68571 2.39999 Td
(Compare )Tj
T*
(to Costs)Tj
5.68571 3 Td
(Savings )Tj
0.60001 -1.2 Td
(\($\) = )Tj
0.3 -1.2 Td
(Loss )Tj
-1.5 -1.2 Td
(Reduction )Tj
T*
(Minus Cost)Tj
6.28571 3.60001 Td
(Cost to )Tj
T*
(Savings )Tj
0.89999 -1.2 Td
(Ratio)Tj
/T1_0 1 Tf
-41.3 -3.88573 Td
(32125-1)Tj
T*
(32134-1)Tj
T*
(32123-3)Tj
T*
(3451-1)Tj
T*
(32312-1)Tj
T*
(38-1)Tj
T*
(32134-2)Tj
T*
(3211-2)Tj
T*
(3212-2)Tj
T*
(27-4)Tj
T*
(3212-4)Tj
T*
(351-2)Tj
T*
(3451-2)Tj
T*
(27-1)Tj
T*
(341-2)Tj
T*
(351-1)Tj
T*
(3.11.2-1)Tj
T*
(3212-3)Tj
T*
(27-5)Tj
T*
(32124-1)Tj
T*
(32112-1)Tj
T*
(3211-1)Tj
T*
(33-1)Tj
5.08571 26.39999 Td
(Auditor Conflct)Tj
T*
(Backup AC Test)Tj
T*
(Personal Mail)Tj
T*
(Tape Lib ID Chk)Tj
T*
(Clms Revw Fraud)Tj
T*
(Audit Notice)Tj
T*
(Visitor Records)Tj
T*
(4ville Entrance)Tj
T*
(2ville Entrance)Tj
T*
(3ville Phys Sec)Tj
T*
(Protect Documts)Tj
T*
(Returned Checks)Tj
T*
(Tape Scratch)Tj
T*
(HQ Phys. Secur)Tj
T*
(Visitor Sign-in)Tj
T*
(False Walls)Tj
T*
(False Walls)Tj
T*
(Dry Chem Exting)Tj
T*
(Unsupv Janitors)Tj
T*
(Address Change)Tj
T*
(Adj/Ovpmt Fraud)Tj
T*
(WR File Secur)Tj
T*
(CUIS Dev/Prod)Tj
11.68571 26.39999 Td
(57K)Tj
T*
(16K)Tj
-0.60001 -1.2 Td
(3.4K)Tj
T*
(2.3K)Tj
T*
(2.3K)Tj
T*
(1.1K)Tj
0.60001 -1.2 Td
(460)Tj
-1.2 -1.2 Td
(2.7M)Tj
0.60001 -1.2 Td
(1.9M)Tj
0.60001 -1.2 Td
(12M)Tj
-0.60001 -1.2 Td
(284K)Tj
T*
(190K)Tj
T*
(144K)Tj
T*
(380K)Tj
T*
(1.8M)Tj
T*
(380K)Tj
0.60001 -1.2 Td
(38K)Tj
T*
(10K)Tj
-0.60001 -1.2 Td
(190K)Tj
T*
(2.3K)Tj
0.60001 -1.2 Td
(34K)Tj
-0.60001 -1.2 Td
(2.3K)Tj
0.60001 -1.2 Td
(57K)Tj
3.28571 26.39999 Td
(2.8K)Tj
1.8 -1.2 Td
(0)Tj
-1.2 -1.2 Td
(170)Tj
1.2 -1.2 Td
(0)Tj
-1.2 -1.2 Td
(110)Tj
T*
(110)Tj
T*
(230)Tj
1.2 -1.2 Td
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
-1.2 -1.2 Td
(36K)Tj
T*
(19K)Tj
-0.60001 -1.2 Td
(450K)Tj
T*
(190K)Tj
1.8 -1.2 Td
(0)Tj
T*
(0)Tj
-1.2 -1.2 Td
(19K)Tj
T*
(110)Tj
-0.60001 -1.2 Td
(3.4K)Tj
0.60001 -1.2 Td
(230)Tj
-0.60001 -1.2 Td
(5.7K)Tj
6.88573 26.39999 Td
(54K)Tj
T*
(16K)Tj
-0.60001 -1.2 Td
(3.2K)Tj
T*
(2.3K)Tj
T*
(2.2K)Tj
1.2 -1.2 Td
(1K)Tj
-0.60001 -1.2 Td
(230)Tj
-1.2 -1.2 Td
(2.7M)Tj
0.60001 -1.2 Td
(1.9M)Tj
0.60001 -1.2 Td
(12M)Tj
-0.60001 -1.2 Td
(284K)Tj
T*
(190K)Tj
T*
(110K)Tj
T*
(360K)Tj
T*
(1.4M)Tj
T*
(190K)Tj
0.60001 -1.2 Td
(38K )Tj
T*
(10K)Tj
-0.60001 -1.2 Td
(170K)Tj
T*
(2.2K)Tj
0.60001 -1.2 Td
(31K)Tj
-0.60001 -1.2 Td
(2.1K)Tj
0.60001 -1.2 Td
(51K)Tj
6.28571 26.39999 Td
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
-1.2 -1.2 Td
(300)Tj
T*
(300)Tj
T*
(20K )Tj
-0.60001 -1.2 Td
(2.2K)Tj
T*
(4.2K)Tj
-0.60001 -1.2 Td
(11.4K)Tj
0.60001 -1.2 Td
(8.7K)Tj
0.60001 -1.2 Td
(42K)Tj
0.60001 -1.2 Td
(6K)Tj
T*
(2K)Tj
-1.2 -1.2 Td
(1.2K)Tj
0.60001 -1.2 Td
(87K)Tj
-0.60001 -1.2 Td
(1.2K)Tj
0.60001 -1.2 Td
(22K)Tj
-0.60001 -1.2 Td
(1.5K)Tj
0.60001 -1.2 Td
(38K)Tj
6.28572 26.39999 Td
(54K)Tj
T*
(16K)Tj
-0.60001 -1.2 Td
(3.2K)Tj
T*
(2.3K)Tj
T*
(2.2K)Tj
1.2 -1.2 Td
(1K)Tj
-0.60001 -1.2 Td
(230)Tj
-1.2 -1.2 Td
(2.7M)Tj
0.60001 -1.2 Td
(1.9M)Tj
0.60001 -1.2 Td
(12M)Tj
-0.60001 -1.2 Td
(282K)Tj
T*
(186K)Tj
0.60001 -1.2 Td
(99K)Tj
-0.60001 -1.2 Td
(350K)Tj
T*
(1.4M)Tj
T*
(184K)Tj
0.60001 -1.2 Td
(36K )Tj
0.60001 -1.2 Td
(9K)Tj
-0.60001 -1.2 Td
(83K)Tj
0.60001 -1.2 Td
(1K)Tj
T*
(9K)Tj
-0.60001 -1.2 Td
(600)Tj
T*
(13K)Tj
6.28571 26.39999 Td
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
-3 -1.2 Td
(1.1E-4)Tj
-0.60001 -1.2 Td
(1.6E-4)Tj
1.8 -1.2 Td
(.002)Tj
T*
(.008)Tj
T*
(.023)Tj
T*
(.023)Tj
T*
(.025)Tj
T*
(.030)Tj
T*
(.033)Tj
T*
(.056)Tj
T*
(.133)Tj
T*
(1.05)Tj
T*
(1.20)Tj
T*
(2.44)Tj
T*
(2.50)Tj
T*
(2.92)Tj
-42.8 -1.48572 Td
(22-1)Tj
T*
(23-2)Tj
5.08571 1.2 Td
(3ville Flooding)Tj
T*
(3ville Quake)Tj
11.08572 1.2 Td
(307K)Tj
0.60001 -1.2 Td
(45K)Tj
3.28571 1.2 Td
(284K)Tj
0.60001 -1.2 Td
(30K)Tj
6.28572 1.2 Td
(23K)Tj
T*
(15K)Tj
6.28571 1.2 Td
( )Tj
-1.2 -1.2 Td
(29K)Tj
7.48572 1.2 Td
( )Tj
-0.60001 -1.2 Td
(9K)Tj
5.68571 1.2 Td
( )Tj
-1.8 -1.2 Td
(3.22)Tj
-42.8 -2.08571 Td
(23-1)Tj
T*
(324-1)Tj
T*
(341-7)Tj
T*
(341-1)Tj
5.08571 4.2 Td
(Capitaltown )Tj
T*
(quake)Tj
T*
(Mster Empl File)Tj
T*
(Smoke Exhaust)Tj
T*
(CO2 As Fire Sup)Tj
11.68571 4.2 Td
(23K)Tj
-1.2 -1.2 Td
(11.4K)Tj
2.39999 -1.2 Td
(0)Tj
-0.60001 -1.2 Td
(38)Tj
2.68571 3.60001 Td
(6.1K)Tj
-0.60001 -1.2 Td
(1.14K)Tj
2.39999 -1.2 Td
(0)Tj
T*
(0)Tj
5.08572 3.60001 Td
(17K)Tj
-1.8 -1.2 Td
(10.26K)Tj
3 -1.2 Td
(0)Tj
-0.60001 -1.2 Td
(38)Tj
4.4857 3.60001 Td
(16K)Tj
-1.2 -1.2 Td
(10.1K)Tj
0.60001 -1.2 Td
(3.7K)Tj
0.60001 -1.2 Td
(20K)Tj
6.88573 3.60001 Td
(1K)Tj
-0.60001 -1.2 Td
(160)Tj
-1.2 -1.2 Td
(-3.7K)Tj
0.60001 -1.2 Td
(-20K)Tj
5.08571 3.60001 Td
(16.0)Tj
T*
(63.1)Tj
1.2 -1.2 Td
(-1)Tj
T*
(-1)Tj
ET
0.5 0.5 0.5 rg
9.28961 96.61201 m
9.28961 98.46994 l
602.71039 98.46994 l
601.78143 97.54099 l
10.21857 97.54099 l
10.21857 97.54097 l
h
f
0.875 0.875 0.875 rg
602.71039 98.46994 m
602.71039 96.61201 l
9.28961 96.61201 l
10.21857 97.54097 l
601.78143 97.54097 l
601.78143 97.54099 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 78.87643 Tm
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
139 0 obj[51 0 R]
endobj
140 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 25>>
endobj
141 0 obj<>
endobj
142 0 obj 2999
endobj
143 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 269.14902 755.17271 Tm
(CHAPTER 2)Tj
-1.584 -2.39999 Td
(GENERAL ISSUES)Tj
/T1_1 1 Tf
-18.39679 -2.54463 Td
( )Tj
0 -1.2 TD
( )Tj
T*
(This chapter is concerned with findings related to general risks; )Tj
T*
(that is, risks which affect the overall SOES Unemployment )Tj
T*
(Insurance Bureau Computer Operation as opposed to a single )Tj
T*
(department, branch, section, facility, asset, etc. )Tj
T*
( )Tj
T*
(Each section in this chapter deals with a specific risk, such as )Tj
T*
(fire, flood, etc. At the beginning of each section is a paragraph \
)Tj
T*
(entitled )Tj
/T1_2 1 Tf
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
(. This paragraph )Tj
T*
(particularizes considerations involving the risk to the SOES )Tj
T*
(environment and explains the techniques to be used in evaluating )Tj
T*
(the impact of the risk in that environment. )Tj
T*
( )Tj
T*
(Following the background and introduction is a series of one or )Tj
T*
(more )Tj
/T1_2 1 Tf
(FINDINGS)Tj
/T1_1 1 Tf
( related to the subject risk. Each finding )Tj
T*
(is a briefly stated conclusion about the effect of the risk on )Tj
T*
(SOES Unemployment Insurance Bureau Computer Operations. )Tj
T*
( )Tj
T*
(After the finding is a paragraph entitled )Tj
/T1_2 1 Tf
(RELATED CONTROL )Tj
T*
(STANDARD)Tj
/T1_1 1 Tf
(. This is a statement of a generally accepted )Tj
T*
(principle of good security practice. Several professional EDP )Tj
T*
(auditing groups have prepared codified lists of standards which )Tj
T*
(have been published in the literature and subjected to peer )Tj
0 -1.20001 TD
(review. One of the earliest of these is the "Computer Control )Tj
0 -1.2 TD
(Guideline" first published by the Canadian Institute of Chartered )Tj
0 -1.2 TD
(Accountants in 1970. Another is "Control Objectives - 1980" )Tj
0 -1.20001 TD
(published by the EDP Auditors Foundation for Education and )Tj
0 -1.2 TD
(Research \(EDPAFER\). It is this latter document from which the )Tj
T*
(control standard references used in this report are taken. )Tj
T*
( )Tj
T*
(The primary purpose for stating the EDPAFER minimum requirement )Tj
T*
(related to each finding is to demonstrate that in fact the finding \
)Tj
T*
(does represent a situation in which a requirement is not being )Tj
T*
(met. )Tj
T*
( )Tj
T*
(A second reason for stating the EDPAFER requirement for each )Tj
T*
(finding is that comments are often made that certain findings are )Tj
T*
(not related to computer security issues. )Tj
T*
( )Tj
T*
(Our view, however, is that computer security embraces )Tj
/T1_2 1 Tf
(all)Tj
/T1_1 1 Tf
( )Tj
T*
(issues which must be addressed to assure the )Tj
/T1_2 1 Tf
(continuous)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
144 0 obj[51 0 R]
endobj
145 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 26>>
endobj
146 0 obj 3202
endobj
147 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(and )Tj
/T1_1 1 Tf
(reliable)Tj
/T1_0 1 Tf
( operation of a computer center and the )Tj
0 -1.2 TD
(timely accomplishment of all its processing. )Tj
T*
( )Tj
T*
(Clearly this is a very broad objective. It encompasses such )Tj
T*
(concerns as ensuring that necessary supplies are delivered on )Tj
T*
(time; employing a detailed software development methodology to )Tj
T*
(ensure that production applications are virtually bug-free from )Tj
T*
(the beginning; and providing for good employee morale. )Tj
T*
( )Tj
T*
(Computer security also embraces the more obviously security- )Tj
T*
(related issues such as visitor access controls, data file )Tj
T*
(protection, sign-on passwords and so forth. )Tj
T*
( )Tj
T*
(When taken out of the context of an integrated ADP security )Tj
T*
(program, individual findings and issues may seem to be nothing )Tj
T*
(more than matters of ordinary good practice and totally unrelated )Tj
T*
(to security and integrity. Those who feel that such issues are )Tj
T*
(irrelevant to security should stop to consider the overall impact )Tj
T*
(of each finding. )Tj
T*
( )Tj
T*
(If the computer center runs out of printer paper because of a poor \
)Tj
T*
(inventory control system, job output cannot be printed and SYSOUT )Tj
T*
(must be dumped to tape before it fills up its allotted space. )Tj
T*
(Management does not get the information from this output on )Tj
T*
(schedule and important business decisions are delayed, perhaps )Tj
T*
(beyond firm deadlines. Proper management of supplies may not seem \
)Tj
T*
(like a matter of security but it clearly can be as this example )Tj
T*
(shows. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Lack of a detailed software development methodology can lead to )Tj
0 -1.2 TD
(applications which are poorly designed, cryptically coded and )Tj
0 -1.20001 TD
(sparsely documented. Such applications must be frequently removed )Tj
0 -1.2 TD
(from production due to bugs. The software maintenance personnel )Tj
T*
(spend many unnecessary hours attempting to thread through the )Tj
T*
(cryptic code and read between the lines of the sparse )Tj
T*
(documentation. The production output that does get into the hands \
)Tj
T*
(of the user may contain errors and lead to bad decisions. )Tj
T*
( )Tj
T*
(Failure to ensure good employee morale can lead to purposefully )Tj
T*
(careless work habits, strikes \(if the employees are unionized\), )Tj
T*
(fraudulent destructive activity and/or a high employee turnover )Tj
T*
(rate. Bad employee morale, if not avoided, can thus lead to )Tj
T*
(anything from a loss of efficiency to the total paralysis of the )Tj
T*
(computing operation. )Tj
T*
( )Tj
T*
(The next paragraph associated with each finding is entitled )Tj
/T1_1 1 Tf
T*
(DISCUSSION)Tj
/T1_0 1 Tf
(. This paragraph expands upon and provides the )Tj
ET
EMC
Q
endstream
endobj
148 0 obj[51 0 R]
endobj
149 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 27>>
endobj
150 0 obj 3076
endobj
151 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(details necessary to understand the finding. )Tj
0 -1.2 TD
( )Tj
T*
(Following the discussion is a )Tj
/T1_1 1 Tf
(RISK ANALYSIS)Tj
/T1_0 1 Tf
( paragraph )Tj
T*
(which describes the calculations which were carried out to compute \
)Tj
T*
(the annual loss expectancy. These calculations involve )Tj
/T1_2 1 Tf
T*
(estimates)Tj
/T1_0 1 Tf
( of the annual frequencies with which undesirable )Tj
T*
(events occur and )Tj
/T1_2 1 Tf
(estimates)Tj
/T1_0 1 Tf
( of the extent of monetary loss )Tj
T*
(which will result from the occurrence of the events. The )Tj
T*
(calculations are inexact and the results are rounded to two )Tj
T*
(significant figures to reflect this fact. )Tj
T*
( )Tj
T*
(Next is a paragraph called )Tj
/T1_1 1 Tf
(SUGGESTED SAFEGUARDS AND COST )Tj
T*
(BENEFIT ANALYSIS)Tj
/T1_0 1 Tf
(. In this paragraph additional safeguards )Tj
T*
(are proposed to reduce the expected loss and/or the annual )Tj
T*
(frequency estimate associated with the finding. The cost of )Tj
T*
(installing and operating each additional safeguard is compared to )Tj
T*
(the reduction in the ALE it will bring about. Again, the results \
)Tj
T*
(of calculations are rounded to reflect their inexactness. )Tj
T*
( )Tj
T*
(Finally, there is a )Tj
/T1_1 1 Tf
(RECOMMENDATION)Tj
/T1_0 1 Tf
( paragraph. )Tj
T*
(Recommendations are specific and based on the cost-benefit )Tj
T*
(analysis of the preceding paragraph. )Tj
/T1_2 1 Tf
T*
( )Tj
T*
(2.1 FIRE )Tj
T*
( )Tj
T*
(HEADQUARTERS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The headquarters buildings do not have an automatic fire sprinkler \
)Tj
T*
(system. Each floor has portable fire extinguishers with an ABC )Tj
T*
(fire rating. A comprehensive fire safety program is being )Tj
T*
(followed. The facilities are inspected by the fire department )Tj
T*
(once a month. All the employees are made aware of the evacuation )Tj
0 -1.20001 TD
(procedures and specially assigned personnel are trained to assist )Tj
0 -1.2 TD
(in the evacuation of the building. The local fire station is )Tj
0 -1.2 TD
(within a one mile radius and the response time is less than one )Tj
0 -1.20001 TD
(minute. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(999 BACK STREET)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The State Supply Warehouse building is equipped with automatic )Tj
T*
(fire sprinkler systems throughout the work area. When the )Tj
T*
(sprinkler system is activated, an alarm is generated and sent )Tj
T*
(directly to the XYZ Security Services central control office. )Tj
T*
(They contact the local fire station. The fire department inspects \
)Tj
T*
(the warehouse once a year. Each floor has portable fire )Tj
T*
(extinguishers with an ABC rating. A comprehensive fire safety )Tj
ET
EMC
Q
endstream
endobj
152 0 obj[51 0 R]
endobj
153 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 28>>
endobj
154 0 obj 3053
endobj
155 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(program is being followed. All employees are made aware of the )Tj
0 -1.2 TD
(evacuation procedures and specially assigned personnel are trained \
)Tj
T*
(to assist in the evacuation of the building. The fire department )Tj
T*
(is within a one mile radius and the response time is 45 seconds to \
)Tj
T*
(one minute. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FOURVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville Field office does not have an automatic sprinkler )Tj
T*
(system in the work area. The main floor has portable fire )Tj
T*
(extinguishers with ABC fire ratings. A comprehensive fire safety )Tj
T*
(program is being followed. The field office is periodically )Tj
T*
(inspected by the local fire department. All the employees are )Tj
T*
(made fully aware of the evacuation procedures. In the event of an \
)Tj
T*
(emergency, the department supervisor leads his own unit out )Tj
T*
(safely. The local fire station is within a two mile radius and )Tj
T*
(the response time is less than five minutes. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Twoville)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Twoville field office has automatic fire sprinkler systems )Tj
T*
(throughout the work area. The field office is equipped both with )Tj
T*
(ABC and Halon fire extinguishers. A comprehensive fire safety )Tj
T*
(program is being followed. The facilities are periodically )Tj
T*
(inspected by the fire department on request by the field office )Tj
T*
(manager. All the employees are made aware of the evacuation )Tj
T*
(procedures. The local fire department is within a one mile radius )Tj
T*
(and the response time is one minute or less. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(THREEVILLE)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(The Threeville field office has automatic fire sprinkler systems )Tj
0 -1.2 TD
(throughout the area. The field office is equipped with ABC rated )Tj
T*
(fire extinguishers. A comprehensive fire safety program is being )Tj
T*
(followed. The facilities are inspected once every three months by \
)Tj
T*
(the local fire department. All the employees are made aware of )Tj
T*
(the evacuation procedures and specially assigned safety monitors )Tj
T*
(are trained to assist in the evacuation of the building. The fire \
)Tj
T*
(department is less than one mile away from the field office and )Tj
T*
(the response time is less than one minute. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(2.2. FLOODS AND OTHER WATER DAMAGE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(HEADQUARTERS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Since the headquarters of the Office of Employment Security are )Tj
T*
(located above sea level, the likelihood of a flood occurring is )Tj
ET
EMC
Q
endstream
endobj
156 0 obj[51 0 R]
endobj
157 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 29>>
endobj
158 0 obj 3062
endobj
159 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(minimal. The mean sea level in one hundred years will reach an )Tj
0 -1.2 TD
(estimated height of 5 ft. 6 in. at high tide according to the )Tj
T*
(National Oceanic and Atmospheric Administration. Therefore the )Tj
T*
(threat of any damage to the building structure or the contents )Tj
T*
(would be significant. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(999 BACK STREET)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Since the State Supply warehouse is located above sea level, the )Tj
T*
(likelihood of a flood occurring is minimal. The mean sea level )Tj
T*
(around the nearby body of water will reach an estimated height of )Tj
T*
(5ft. 6 in. at high tide every 100 years according to the National )Tj
T*
(Oceanic and Atmospheric Administration. Therefore the threat of )Tj
T*
(any damage to the building structure or the contents would be )Tj
T*
(insignificant. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FOURVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The State Department of Water Conservation is conducting a flood )Tj
T*
(control project in Fourville. The Big Fourville Creek and the )Tj
T*
(Little Fourville Creek flow through the town. The Little )Tj
T*
(Fourville Creek flood flow is diverted from Fourville to Fiveville \
)Tj
T*
(County. The Big Fourville Creek flows to the north and then west, )Tj
T*
(where it joins the Big River. Fiveville County maintains the )Tj
T*
(levees and the passage gates while the State Department of Water )Tj
T*
(Conservation is responsible for the inspection, operation and )Tj
T*
(maintenance. The inspection of the levees occurs twice a year, )Tj
T*
(and they are considered to be strong and well maintained. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(TWOVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Hat River and the Wood River are not a direct threat to the town \
)Tj
0 -1.20001 TD
(of Twoville. If a flood occurred, Woodtown, which lies directly )Tj
0 -1.2 TD
(across the Wood River from Twoville, would be flooded by the Hat )Tj
0 -1.2 TD
(River and the Wood River would continue to flow South. The Wood )Tj
0 -1.20001 TD
(River Dam and the Old Davis Dam are both considered to be good )Tj
0 -1.2 TD
(levees. They are inspected twice a year and are well maintained. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(THREEVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville Field office is located in a flood zone designated )Tj
T*
(as \(AO\) on a map produced by the U.S. Department of Housing and )Tj
T*
(Urban Development, Federal Insurance Administration. The )Tj
T*
(probability of a flood occurring in this zone is one in a hundred )Tj
T*
(years \(.01\). Zone AO refers to an area which should experience a \
)Tj
T*
(1-3 foot flood level not more than once every hundred years. The )Tj
ET
EMC
Q
endstream
endobj
160 0 obj[51 0 R]
endobj
161 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 30>>
endobj
162 0 obj<>
endobj
163 0 obj 2748
endobj
164 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(potential source of flooding is the Dynamite Creek. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(FINDING 2.2-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville Field Office is subject to flooding. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(When a flood occurs, the depth of the floodwaters would reach a )Tj
T*
(maximum level of three feet. Since the field office is located at \
)Tj
T*
(ground level, the floodwaters would reach the main floor level, )Tj
T*
(and damage the contents of the building. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Annual Frequency Estimate \(AFE\) of a flood reaching its )Tj
T*
(maximum depth of 3 feet is .01. )Tj
T*
( )Tj
T*
(The probability of floodwaters reaching the Threeville Field )Tj
T*
(Office main floor level is relatively high, because the field )Tj
T*
(office is at ground level. )Tj
T*
( )Tj
T*
(A reasonable estimate of cleanup would be $10K. This cleanup cost \
)Tj
T*
(includes the drying and shampooing of the carpets in the )Tj
T*
(Threeville Field office. The replacement cost for furniture, book \
)Tj
T*
(shelves, desks and supplies, would be about $500 per employee. )Tj
T*
(Also, each desk houses a CRT terminal. The standard desk measures \
)Tj
T*
(30in. \(or 2ft 6in\). Since the floodwaters reach maximum depth of \
)Tj
0 -1.20001 TD
(three feet, the CRTs would be damaged; the estimated loss is the )Tj
0 -1.2 TD
(number of CRTs to be replaced multiplied by the remaining lease )Tj
0 -1.2 TD
(obligation per CRT. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The field office's vital records would be safe from water damage, )Tj
T*
(because they are or could easily be stored above the three foot )Tj
T*
(level. )Tj
T*
( )Tj
T*
(In the absence of a contingency plan, SOES would lose about two )Tj
T*
(weeks of operations while the cleanup was underway. )Tj
T*
( )Tj
T*
(The total loss is the total cost of recovering from the flood. )Tj
T*
(This is equal to the clean up cost plus the cost of replacing )Tj
T*
(office furniture and equipment plus the remaining obligation on the )Tj
T*
(ADP equipment lease plus the cost of the 1-1/2 weeks of overtime )Tj
T*
(which could be eliminated by a good disaster recovery plan \(part )Tj
T*
(of the contingency plan\). )Tj
T*
( )Tj
T*
(The cost of office furniture and equipment is 128 staff x $500 = )Tj
ET
EMC
Q
endstream
endobj
165 0 obj[51 0 R]
endobj
166 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 31>>
endobj
167 0 obj 2350
endobj
168 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
($64K. )Tj
0 -1.2 TD
( )Tj
T*
(The cleanup cost should not exceed $10K. )Tj
T*
( )Tj
T*
(The remaining 3 year lease obligation based on a monthly charge of \
)Tj
T*
($17,866 is $643K. )Tj
T*
( )Tj
T*
(The cost of 1-1/2 weeks of overtime for a staff of 128 at an )Tj
T*
(average $6.50 per hour salary and 25% overhead is 1.5 wks x 40 )Tj
T*
(hrs/wk x $6.50/hr x 128 staff x 1.5 overtime x 1.25 overhead = $94 \
)Tj
T*
(K. )Tj
T*
( )Tj
T*
(The total loss is then $64K + $10K + $643K + $94K = $810K. )Tj
T*
( )Tj
T*
(The ALE is .01 x $810K = $81K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is a contingency plan which would expedite recovery )Tj
T*
(activities and save about 1.5 of the 2 weeks which would otherwise \
)Tj
T*
(be required to clean up. )Tj
T*
( )Tj
T*
(The yearly savings \(not counting the cost of contingency plan )Tj
T*
(development\) will be the AFE multiplied by 2/3 of the overtime )Tj
T*
(costs \(all but 1/2 week\) or .01 x 2/3 x $94K = $6.3K. )Tj
T*
( )Tj
T*
(The ALE reduction will be $81K - $6.3K = $75K. )Tj
T*
( )Tj
T*
(The cost of contingency planning is determined after all ALE )Tj
T*
(reductions generated by the existence of the plan have been )Tj
T*
(calculated. This is done on the multiple effects worksheet in )Tj
T*
(Appendix C. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.1 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Prepare a formal contingency plan for the field office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(2.3 EARTHQUAKES)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(HEADQUARTERS AND 999 BACK STREET)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The headquarters buildings are located in a grade C intensity )Tj
T*
(area. Grade C is referred to as a very strong intensified area )Tj
T*
(that can expect substantial damage from an earthquake. This )Tj
ET
EMC
Q
endstream
endobj
169 0 obj[51 0 R]
endobj
170 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 32>>
endobj
171 0 obj 2963
endobj
172 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(information corresponds to intensity readings greater than 6.0 on )Tj
0 -1.2 TD
(the Richter scale. These buildings have three stories. There is )Tj
T*
(an underground parking garage below 123 Main Street. )Tj
T*
( )Tj
T*
(The State Supply Warehouse building is located in a grade D )Tj
T*
(intensity area. Grade D is also referred to as a strong )Tj
T*
(intensified area that can expect some damage from an earthquake. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 2.3-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The risk of earthquake damage to the Office of Employment Security \
)Tj
T*
(Capitaltown facilities and their contents should be accounted for )Tj
T*
(in a contingency plan. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(Q\)\(4\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(In the event of a disaster or disruption, the computer facility )Tj
T*
(and the backup facility must have the capability to function )Tj
T*
(normally with minimal delay or lost processing time. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(In the Capitaltown area, the probability of an earthquake )Tj
T*
(occurring is high. A contingency plan should be drafted to ensure \
)Tj
T*
(continuity of operations for the Office of Employment Security )Tj
T*
(headquarters offices. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The annual frequency estimates for an earthquake larger than 6.0 )Tj
0 -1.2 TD
(on the Richter Scale is .02. This translates into a probability )Tj
0 -1.20001 TD
(of occurrence of two in one hundred years. The AFE would be lower \
)Tj
0 -1.2 TD
(except for the fact that there has been no serious earthquake )Tj
T*
(activity in the area in recent times and current research )Tj
T*
(indicates that the longer the period of inactivity along a fault )Tj
T*
(line, the higher the probability of a strong earthquake. )Tj
T*
( )Tj
T*
(An earthquake of magnitude 6.0 or greater would cause major )Tj
T*
(disruption to Office of Employment Security operations. Without a \
)Tj
T*
(contingency plan, it is estimated that operations would be halted )Tj
T*
(for approximately four weeks. Time would be needed for getting )Tj
T*
(additional office space, moving in, and starting up operations. )Tj
T*
( )Tj
T*
(Once operations were resumed, the Office of Employment Security )Tj
T*
(would have to pay overtime to many production employees to make up \
)Tj
T*
(for lost time. Because the Threeville data center can continue to \
)Tj
T*
(accumulate Unemployment Insurance Bureau transactions while the )Tj
ET
EMC
Q
endstream
endobj
173 0 obj[51 0 R]
endobj
174 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 33>>
endobj
175 0 obj 2662
endobj
176 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(central computer in Capitaltown is disabled, DDE operations would )Tj
0 -1.2 TD
(not be affected. The overtime would apply to approximately 170 )Tj
T*
(non-DDE processors at HQ and in the field offices. )Tj
T*
( )Tj
T*
(The cost of overtime would be 4 wks x 40 hrs/wk x $6/hr x 170 )Tj
T*
(staff x 1.5 overtime x 1.25 overhead = $310K. )Tj
T*
( )Tj
T*
(The ALE is then .02 x $310K = $6.2K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARD AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to draft and implement a contingency )Tj
T*
(plan which will allow SOES to move to emergency office space and )Tj
T*
(restart operations within one week of a major disaster. )Tj
T*
( )Tj
T*
(This will reduce the ALE by 75% to $1.6K. )Tj
T*
( )Tj
T*
(The cost of developing a contingency plan will be determined on )Tj
T*
(the basis of the total ALE reduction it will generate. For 5 )Tj
T*
(years, this reduction is $6.2K x 3.79 - $1.6K x 3.79 = $17K. This \
)Tj
T*
(and an annual testing and updating expense of $1.5K. The total 5- )Tj
T*
(year cost would be 3.79 x $1.5K + $10K = $16K. )Tj
T*
( )Tj
T*
(The 5-year savings is then $17K - $16K = $1K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.2 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Prepare a detailed contingency plan for SOES's Capitaltown )Tj
T*
(facilities. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(FOURVILLE AND TWOVILLE)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The Fourville field office is located in a single story structure )Tj
0 -1.20001 TD
(which is also occupied by a restaurant and a real estate agency. )Tj
0 -1.2 TD
( )Tj
T*
(The Twoville field office occupies one third of the space in a )Tj
T*
(converted warehouse. It is a brick-faced, wood frame building )Tj
T*
(with dropped ceilings. One third of the building is vacant and )Tj
T*
(the other one third is occupied by a reputable restaurant. )Tj
T*
( )Tj
T*
(Both the Fourville and Twoville field offices are located in areas \
)Tj
T*
(designated as zone 3. Zone definitions are taken from the )Tj
T*
(Deterministic Seismic Hazard Map of the U.S. after Algermissen. )Tj
T*
(In this vicinity, there is no history of earthquakes of a high )Tj
ET
EMC
Q
endstream
endobj
177 0 obj[51 0 R]
endobj
178 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 34>>
endobj
179 0 obj 2846
endobj
180 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(enough magnitude to inflict significant damage. Between 1900 and )Tj
0 -1.2 TD
(1974 there were no earthquakes of intensity greater than 5.7 on )Tj
T*
(the Richter Scale. )Tj
T*
( )Tj
T*
(The Fourville and Twoville field offices are located in a )Tj
T*
(relatively safe valley area in which the soil is made up of sand )Tj
T*
(and gravel. In conclusion, if an earthquake were to occur in this \
)Tj
T*
(area, it would result in little or no damage to SOES facilities, )Tj
T*
(and therefore is of minimal concern. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(THREEVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The soil in the Threeville area is made up of loosely filled )Tj
T*
(coarse grain earth. If an earthquake greater than 6.0 on the )Tj
T*
(Richter Scale were to occur for more than one minute \(continuous )Tj
T*
(shaking\), the ground water would liquefy the pore spaces and )Tj
T*
(destroy the soil structure. This would cause the soil to )Tj
T*
(essentially become quicksand and parts of the building could )Tj
T*
(collapse. The Tectonic fault is approximately one mile east of )Tj
T*
(Threeville. The fault extends from Narrow Creek southward into )Tj
T*
(Lakeside County. Most of the known activity of the Tectonic fault \
)Tj
T*
(is further south away from the city of Threeville. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.3-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville field office building could collapse during an )Tj
T*
(earthquake. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Because the terrain around the city of Threeville is made up of )Tj
0 -1.20001 TD
(loosely filled coarse grain earth, the SOES field office building )Tj
0 -1.2 TD
(could collapse during an earthquake. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The AFE for an earthquake of magnitude 6.0 or greater at )Tj
T*
(Threeville has been set at .01. In the absence of a contingency )Tj
T*
(plan, such an earthquake would halt Threeville field office )Tj
T*
(operations for the 4 weeks it would take to locate emergency )Tj
T*
(space, move in and reconfigure all ADP and communications )Tj
T*
(equipment. )Tj
T*
( )Tj
T*
(Claims processing activities at HQ, Fourville and Twoville would )Tj
T*
(also be affected because these activities require that the )Tj
T*
(Threeville Data Center be in operation. The ALE will be the )Tj
T*
(dollar equivalent of 4 weeks' overtime for about 300 claims )Tj
ET
EMC
Q
endstream
endobj
181 0 obj[51 0 R]
endobj
182 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 35>>
endobj
183 0 obj<>
endobj
184 0 obj 2657
endobj
185 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(processing personnel plus the cost of office furniture and )Tj
0 -1.2 TD
(supplies for the Threeville staff \($64K from Finding 2.2-1\) plus )Tj
T*
(the cost of the remaining 3 years lease obligation for ADP )Tj
T*
(equipment at Threeville \($643K from Finding 2.2-1\). )Tj
T*
( )Tj
T*
(The overtime cost is 4 wks x 40 hrs/wk x $6/hr x 1.5 overtime x )Tj
T*
(1.25 overhead x 300 staff = $540K. )Tj
T*
( )Tj
T*
(The total ALE is then .01 x \($540K + $64K + $643K\) = $12K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is a contingency plan which will allow the \
)Tj
T*
(Threeville field office to reestablish itself in new space within )Tj
T*
(one week of a disaster. )Tj
T*
( )Tj
T*
(The savings \(not including the cost of contingency plan )Tj
T*
(development\) will be 75% of that portion of the ALE which is due )Tj
T*
(to overtime costs or .75 x .01 x $540K = $4.1K. )Tj
T*
( )Tj
T*
(The ALE reduction is then $12K - $4.1K = $7.9K. )Tj
T*
( )Tj
T*
(The cost of the contingency plan development is determined after )Tj
T*
(all ALE reductions brought about by that safeguard have been )Tj
T*
(calculated. This is done on the multiple effects worksheets of )Tj
T*
(Appendix C. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.3 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Prepare a formal contingency plan for the Threeville field office. \
)Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(2.4 TORNADOES)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(HEADQUARTERS, FOURVILLE AND TWOVILLE)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(It has been determined by the examination of various maps that )Tj
T*
(there was one occurrence of a tornado in both of the one degree )Tj
T*
(square areas surrounding the Office of Employment Security )Tj
T*
(Capitaltown headquarters offices and the Fourville and Twoville )Tj
T*
(field offices over a thirteen year period. Each one degree square \
)Tj
T*
(encompasses approximately forty-nine hundred square miles. )Tj
T*
( )Tj
T*
(The annual frequency estimate is then derived by dividing the )Tj
T*
(number of square miles in the one degree square area \(4900\) into \
)Tj
ET
EMC
Q
endstream
endobj
186 0 obj[51 0 R]
endobj
187 0 obj[182 0 R/XYZ 0 687.617493 null]
endobj
188 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 36>>
endobj
189 0 obj 2698
endobj
190 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(the approximate number of tornadoes occurring in that area in any )Tj
0 -1.2 TD
(one year \(1/13\). The resultant annual frequency estimate for )Tj
T*
(tornadoes which specifically impact the Office of Employment )Tj
T*
(Security headquarters facilities and the Twoville and Fourville )Tj
T*
(field offices is calculated to be \(1/13\)/4900 which is equal to )Tj
T*
(.00002. )Tj
T*
( )Tj
T*
(The AFE is so small that the risk of loss due to tornadoes is )Tj
T*
(negligible. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(THREEVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(It has been determined from various maps that there were four )Tj
T*
(tornadoes in the one degree square area surrounding the Threeville \
)Tj
T*
(field office during a thirteen year period. This one degree )Tj
T*
(square encompasses approximately forty-nine hundred square miles. )Tj
T*
( )Tj
T*
(The annual frequency estimate is then derived by dividing the )Tj
T*
(number of square miles in a one degree square area \(4900\) into the \
)Tj
T*
(approximate number of tornadoes occurring in that area in any one )Tj
T*
(year \(4/13\). The resultant annual frequency estimate for )Tj
T*
(tornadoes which specifically impact the Office of Unemployment )Tj
T*
(Security's Threeville field office is calculated as \(4/13\)/4900 )Tj
T*
(which is equal to .00006. )Tj
T*
( )Tj
T*
(This AFE is so small that the risk of a serious loss is )Tj
T*
(negligible. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(2.5 POWER OUTAGES)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Although there are approximately two or three power outages per )Tj
0 -1.20001 TD
(year in all SOES facilities, there is no significant impact on )Tj
0 -1.2 TD
(processing because there is no overtime associated with downtime )Tj
T*
(up to two hours and none of the outages have lasted that long. )Tj
T*
( )Tj
T*
(There is no significant risk of loss due to power outages. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(2.6 A/C OR HEATING FAILURE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There have been no cases of State Office of Employment Security )Tj
T*
(employees being sent home because of the lack of air conditioning )Tj
T*
(or heat. )Tj
T*
( )Tj
T*
(A preventive maintenance program is being followed to minimize the \
)Tj
T*
(possibility of a breakdown in the electrical and mechanical )Tj
T*
(systems. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
191 0 obj[51 0 R]
endobj
192 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 37>>
endobj
193 0 obj 2635
endobj
194 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(There is an air conditioning service on call to handle any )Tj
0 -1.2 TD
(breakdown twenty-four hours a day, seven days a week. )Tj
T*
( )Tj
T*
(The existence of a preventive maintenance program and the )Tj
T*
(availability of the on-call air conditioning service makes the )Tj
T*
(risk negligible. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(2.7 THEFT/ROBBERY/UNAUTHORIZED ACCESS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(HEADQUARTERS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Due to the location of the Office of Employment Security )Tj
T*
(headquarters buildings in an area containing some popular tourist )Tj
T*
(attractions, the potential for unauthorized access is greatly )Tj
T*
(increased. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDINGS 2.7-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Headquarters offices are susceptible to unauthorized access. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137 \(N\)\(7\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(During normal working hours, access to the Unemployment Insurance )Tj
T*
(Bureau claims work area is generally to be restricted to company )Tj
T*
(employees. The presence of all visitors is to be controlled. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(When we passed the loading dock guard station at 123 Main Street )Tj
T*
(on various occasions, the guard was absent. On further inspection \
)Tj
T*
(we observed the guard standing near 1st Street, which is located )Tj
T*
(one-half block down the street from the loading dock. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(We feel that 123 Main Street is susceptible to unauthorized entry )Tj
0 -1.2 TD
(through the loading dock door due to inadequate monitoring by the )Tj
T*
(guard force. )Tj
T*
( )Tj
T*
(Losses to SOES could occur by theft, fraud or vandalism. Blank )Tj
T*
(checks as well as signed checks ready for mailing are stored in )Tj
T*
(rooms whose walls do not extend to the true ceiling. CRT )Tj
T*
(terminals which can access restricted files such as the Master )Tj
T*
(Employer File are located in the building. Office spaces for )Tj
T*
(Unemployment Insurance Bureau management personnel are also )Tj
T*
(located in the building and could be vandalized. )Tj
ET
EMC
Q
endstream
endobj
195 0 obj[51 0 R]
endobj
196 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 38>>
endobj
197 0 obj 2630
endobj
198 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(The risk of fraud and abuse through manipulation of computerized )Tj
T*
(Unemployment Insurance Bureau data is evaluated in Findings )Tj
T*
(3.2.1.1.2-1 and 3.3-1. The risk of theft is treated in Finding )Tj
T*
(3.5.1-1. )Tj
T*
( )Tj
T*
(In this finding we will account for the threat of vandalism and )Tj
T*
(other destructive acts. Although intruders could probably gain )Tj
T*
(access to the headquarters buildings with little difficulty, there \
)Tj
T*
(are in fact no cases of vandalism on record. For that reason we )Tj
T*
(select an AFE of 1 from the low end of the scale. )Tj
T*
( )Tj
T*
(The loss potential, considering only Unemployment Insurance Bureau \
)Tj
T*
(assets, is set at $100K. This includes losses due not only to the \
)Tj
T*
(physical destruction of tangible assets but also to the damage )Tj
T*
(done to paper records and data contained on other physical media. )Tj
T*
( )Tj
T*
(The ALE is $100K x 1 = $100K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to enforce existing guard procedures )Tj
T*
(more strictly. The cost should not exceed 1 hour per day of staff \
)Tj
T*
(time by a guard supervisor at a salary level of $18K per year )Tj
T*
(including overhead. This amounts to \(1/8\) x $18K/yr = $2.3K per \
)Tj
T*
(year. )Tj
T*
( )Tj
T*
(The ALE would be reduced by 95% to $5K. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The savings will be \($100K - $5K\) - $2.3K = $93K. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(See the risk analysis worksheets in Section B.4 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Monitor the performance of the guard force and demand compliance )Tj
T*
(with established procedures. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 2.7-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The wearing of badges at 456 Main Street is not enforced. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(7\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(During normal working hours, access to Unemployment Insurance )Tj
T*
(Bureau Claims work areas is generally to be restricted to Bureau )Tj
T*
(employees. The presence of all visitors is to be controlled. )Tj
ET
EMC
Q
endstream
endobj
199 0 obj[51 0 R]
endobj
200 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 39>>
endobj
201 0 obj 2497
endobj
202 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Employees at 456 Main Street do not all wear their SOES badges. )Tj
T*
(Unescorted visitors could pocket their badges and be taken for )Tj
T*
(employees. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Because badges are not generally worn, an intruder or a bona fide )Tj
T*
(visitor could masquerade as a SOES employee and move freely )Tj
T*
(through the building. The fact that the upper floors are not )Tj
T*
(currently occupied would allow such a person to hide until after )Tj
T*
(normal business hours. He could then commit destructive acts or )Tj
T*
(steal assets such as benefit checks or office equipment and depart \
)Tj
T*
(undetected. )Tj
T*
( )Tj
T*
(This problem is closely related to Finding 3.11.2-1. The risk )Tj
T*
(analysis is not repeated here because we feel that this would tend \
)Tj
T*
(to make a single access control problem with several facets appear \
)Tj
T*
(to be a number of independent problems. In addition it would )Tj
T*
(unreasonably inflate the loss expectancy. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Enforce the wearing of badges at 456 Main Street. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(999 BACK STREET)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The State Supply Warehouse is surrounded by streets on three sides \
)Tj
0 -1.2 TD
(and a parking lot on the fourth side. The walls are sheer from )Tj
0 -1.20001 TD
(the ground to the rooftop level above the fourth floor. A fire )Tj
0 -1.2 TD
(escape ladder extends from the roof to ground level. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 2.7-3:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The State Supply Warehouse is susceptible to unauthorized access. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access. )Tj
ET
EMC
Q
endstream
endobj
203 0 obj[51 0 R]
endobj
204 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 40>>
endobj
205 0 obj<>
endobj
206 0 obj 2750
endobj
207 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The State Supply Warehouse building has a guard at the front )Tj
T*
(entrance who checks the ID of persons entering. If an intruder )Tj
T*
(wanted to gain access to the warehouse, he could go to the side of \
)Tj
T*
(the building and climb up the fire escape ladder to the roof. )Tj
T*
(Once on the roof, the intruder could enter the warehouse by )Tj
T*
(breaking the skylight window. )Tj
T*
( )Tj
T*
(We also discovered that the motor for the elevator is housed in a )Tj
T*
(structure on top of the roof. The elevator motor is protected by )Tj
T*
(an easily breached wire mesh screen. An intruder could easily )Tj
T*
(bypass the screen and gain entry to the warehouse by climbing down \
)Tj
T*
(the elevator shaft and out onto one of the floors. )Tj
T*
( )Tj
T*
(By entering the third floor, the intruder could set the record )Tj
T*
(storage area on fire, destroying the Unemployment Insurance Bureau \
)Tj
T*
(records and possibly causing damage to the warehouse building. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is no good reason why individuals would want to enter or )Tj
T*
(vandalize the warehouse facility except for retaliatory purposes )Tj
T*
(against the Office of Employment Security organization. This is )Tj
T*
(because of the minimal amount of valuable assets contained in the )Tj
T*
(building and because there are many other warehouse facilities in )Tj
T*
(the same area which could also be looted or damaged. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(In conclusion, there would be little motivation for breaking into )Tj
0 -1.2 TD
(the State Supply Warehouse and consequently the AFE for either )Tj
0 -1.20001 TD
(unauthorized access or vandalism to the facility would be very )Tj
0 -1.2 TD
(low. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FOURVILLE AND TWOVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville Field office is a single story masonry structure )Tj
T*
(occupying one-quarter of a square block. The building is also )Tj
T*
(occupied by a restaurant and real estate agency. )Tj
T*
( )Tj
T*
(A restaurant occupies one third of the building in which the )Tj
ET
EMC
Q
endstream
endobj
208 0 obj[51 0 R]
endobj
209 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 41>>
endobj
210 0 obj 2859
endobj
211 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(Office of Employment Security Office at Twoville is located. )Tj
0 -1.2 TD
( )Tj
T*
(Because there are other operating businesses in the immediate )Tj
T*
(vicinity of both field offices, their employees and customers move \
)Tj
T*
(about the vicinity of the offices, increasing the potential for )Tj
T*
(unauthorized access. However, the buildings are equipped with )Tj
T*
(door alarms and motion detectors which minimize the risk of )Tj
T*
(unauthorized entry during non-business hours. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(THREEVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Because other businesses occupy part of the building in which the )Tj
T*
(Office of Employment Security office is housed, their employees )Tj
T*
(and customers move about the vicinity of the office increasing the \
)Tj
T*
(potential for unauthorized access. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.7-4:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville Field Office is susceptible to unauthorized access. \
)Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is a gap between the top of the rear exit door and the )Tj
T*
(doorframe. A normally closed magnetically controlled switch is )Tj
T*
(attached to the doorframe within reach of the gap. A magnet is )Tj
T*
(attached to the door in such a way that when the door is closed, )Tj
T*
(the magnet touches the switch and causes it to open. If an )Tj
0 -1.20001 TD
(intruder were to open the door, the magnet would move away from )Tj
0 -1.2 TD
(the switch; the switch would then close and set off the alarm. )Tj
0 -1.2 TD
(The intruder could place his own magnet near the switch through )Tj
0 -1.20001 TD
(the gap at the top of the door and then open the door without )Tj
0 -1.2 TD
(closing the switch and setting off the alarm. )Tj
T*
( )Tj
T*
(The photoelectric beam detectors are not adequate for protection )Tj
T*
(because no matter how the beam is adjusted, it can be bypassed )Tj
T*
(either by jumping over it or by crawling under it to gain entry )Tj
T*
(into the field office. )Tj
T*
( )Tj
T*
(After we learned that established procedures required that the )Tj
T*
(door leading from the parking lot into the training room be locked \
)Tj
T*
(to prevent unauthorized access, we checked it and discovered it to \
)Tj
ET
EMC
Q
endstream
endobj
212 0 obj[51 0 R]
endobj
213 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 42>>
endobj
214 0 obj 2829
endobj
215 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(be unlocked. )Tj
0 -1.2 TD
( )Tj
T*
(The door leading from the rear parking lot into the Threeville )Tj
T*
(field office record storage area is made of a flexible metal )Tj
T*
(material which is unsturdy and therefore easily penetrable with )Tj
T*
(minimal effort. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Whereas Fourville and Twoville are relatively well protected from )Tj
T*
(unauthorized access, Threeville is vulnerable because its alarms )Tj
T*
(can all be bypassed easily and because the reception area is )Tj
T*
(poorly monitored during the early morning and the later afternoon. \
)Tj
T*
(\(See Finding 3.2.1.3-1.\) )Tj
T*
( )Tj
T*
(The lease cost for EDP equipment in the Threeville field office )Tj
T*
(was $17,866 for the month of December, 1982. If this equipment )Tj
T*
(were stolen or destroyed, SOES would be liable for these charges )Tj
T*
(for the remaining 3 years of the lease. This would amount to 36 )Tj
T*
(mos x $17,866 = $643K. )Tj
T*
( )Tj
T*
(The AFE of 5 is larger than for other sites because of the ease of \
)Tj
T*
(unauthorized access. )Tj
T*
( )Tj
T*
(The ALE is then $643K x 5 = $3.2M. This is a worst case figure )Tj
T*
(which reflects what might happen if the access control )Tj
T*
(vulnerability were discovered and exploited by a criminal and SOES \
)Tj
T*
(failed to take any corrective action. Thieves could then loot the \
)Tj
0 -1.20001 TD
(office over and over again. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Actually, SOES would implement more effective controls after the )Tj
0 -1.20001 TD
(first serious theft in order to eliminate the problem. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(A number of steps should be taken. The beam alarms should be )Tj
T*
(replaced with motion detectors. The seven soft-metal warehouse )Tj
T*
(doors, covered on the inside with sheetrock, should be removed and \
)Tj
T*
(the outside wall bricked up. The rear exit door with the gap at )Tj
T*
(the top should be replaced with a much sturdier well-fitted door. )Tj
T*
(All outside doors except the main entrance should be locked and )Tj
T*
(alarmed during the day. The main entrance door should be equipped \
)Tj
T*
(with a signaling device which would sound when the door is opened )Tj
T*
(from the outside. )Tj
T*
( )Tj
T*
(The cost of all these modifications should not exceed $20K. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
216 0 obj[51 0 R]
endobj
217 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 43>>
endobj
218 0 obj 2534
endobj
219 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(The ALE will be effectively reduced to $0. )Tj
0 -1.2 TD
( )Tj
T*
(The 5-year savings will be \($3.2M - $0\) x 3.79 - $20K = $12M. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.5 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Repair the gap in the rear exit door. Replace the photoelectric )Tj
T*
(beam detectors with motion detectors. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FOURVILLE, TWOVILLE AND THREEVILLE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 2.7-5:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The custodial services at the field offices perform their duties )Tj
T*
(after hours and are not supervised by SOES personnel. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(11\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Limit the presence of cleaning and maintenance personnel to the )Tj
T*
(period when there are some regular facility employees on duty. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Custodial services in the Fourville, Twoville and Threeville field \
)Tj
T*
(offices are performed outside of regular working hours and without \
)Tj
T*
(the supervision of Office of Employment Security personnel. )Tj
T*
( )Tj
T*
(This would not be a vulnerability if sensitive records and )Tj
T*
(valuable equipment in the building were properly protected. )Tj
T*
( )Tj
0 -1.20001 TD
(However, many sensitive files are stored in unlocked cabinets in )Tj
0 -1.2 TD
(open areas and valuable items of relatively portable equipment are \
)Tj
0 -1.2 TD
(not secured. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(In the absence of supervision, custodial employees could easily )Tj
T*
(commit dishonest or destructive acts. Although these personnel are \
)Tj
T*
(bonded, it is usually necessary that a crime be proven in court )Tj
T*
(before the bond can be collected. In addition, there is valuable )Tj
T*
(information in the field offices which could be stolen by copying )Tj
T*
(or photography and thus never missed. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(It is unlikely that bonded custodial personnel would vandalize the \
)Tj
ET
EMC
Q
endstream
endobj
220 0 obj[51 0 R]
endobj
221 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 44>>
endobj
222 0 obj 2716
endobj
223 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(field offices. It is also unlikely that they would commit )Tj
0 -1.2 TD
(obviously detectable crimes such as the theft of tangible )Tj
T*
(resources. Bonded personnel would be more apt to commit )Tj
T*
("undetectable" crimes such as copying the wage record file \(with a \
)Tj
T*
(camera, for example\). )Tj
T*
( )Tj
T*
(The loss potential, which is independent of the nature of the )Tj
T*
(threat agent, is set at $100K. )Tj
T*
( )Tj
T*
(Because of the bonding and the fact that no problems of )Tj
T*
(consequence have been associated with the custodial services, a low )Tj
T*
(AFE of .5 is chosen. )Tj
T*
( )Tj
T*
(The ALE is then $100K x .5 = $50K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Several safeguards are possible. Janitorial services could be )Tj
T*
(performed during normal business hours with a little inconvenience \
)Tj
T*
(to SOES personnel. The services could be performed at night with )Tj
T*
(a SOES supervisor present or they could be performed by SOES )Tj
T*
(employees instead of contractor personnel. )Tj
T*
( )Tj
T*
(Each of these three safeguards would result in the monitoring of )Tj
T*
(custodial personnel by SOES employees in accordance with generally \
)Tj
T*
(accepted practices. )Tj
T*
( )Tj
T*
(The cheapest of the three solutions would be to use existing )Tj
0 -1.20001 TD
(contractor personnel during normal business hours. There would be \
)Tj
0 -1.2 TD
(no additional direct cost. In fact, wage rates might be lower for \
)Tj
0 -1.2 TD
(daytime services. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(One indirect cost would be due to brief interruptions of the )Tj
T*
(office staff by the janitors. This should not amount to more than \
)Tj
T*
(2 minutes per day per person. For 320 field office employees, )Tj
T*
(using an average salary of $6.50 per hour and 25% overhead, the )Tj
T*
(cost of 2 minutes per day lost time would be 2 min/day x 1/60 )Tj
T*
(hrs/min x 320 staff x $6.50/hr x 1.25 overhead x 5 days/wk x 52 )Tj
T*
(wks/yr = $23K. )Tj
T*
( )Tj
T*
(The ALE will be reduced by 90% to $5K. )Tj
T*
( )Tj
T*
(The savings will be \($50K - $5K\) - $23K = $22K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.6 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
224 0 obj[51 0 R]
endobj
225 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 45>>
endobj
226 0 obj<>
endobj
227 0 obj 2937
endobj
228 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(Have the custodial services perform their duties during normal )Tj
T*
(business hours. )Tj
ET
0.5 0.5 0.5 rg
9.28961 709.72678 m
9.28961 711.5847 l
602.71039 711.5847 l
601.78143 710.65575 l
10.21857 710.65575 l
10.21857 710.65573 l
h
f
0.875 0.875 0.875 rg
602.71039 711.5847 m
602.71039 709.72678 l
9.28961 709.72678 l
10.21857 710.65573 l
601.78143 710.65573 l
601.78143 710.65575 l
h
f
0 0 0 rg
BT
/T1_0 1 Tf
13.00546 0 0 13.00546 9.28961 691.99118 Tm
( )Tj
/T1_1 1 Tf
19.98079 -2.56966 Td
(CHAPTER 3)Tj
-1.4455 -2.39999 Td
(SPECIFIC ISSUES)Tj
/T1_0 1 Tf
-18.53529 -2.54463 Td
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.1 INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This chapter is similar in format to Chapter 2. Each section )Tj
T*
(contains a )Tj
/T1_3 1 Tf
(BACKGROUND AND INTRODUCTION)Tj
/T1_0 1 Tf
( followed by a )Tj
T*
(series of one or more findings. For each finding there are )Tj
T*
(paragraphs entitled )Tj
/T1_3 1 Tf
(FINDING, RELATED CONTROL STANDARD, )Tj
T*
(DISCUSSION, RISK ANALYSIS, SUGGESTED SAFEGUARDS AND COST BENEFIT )Tj
T*
(ANALYSIS, and RECOMMENDATION)Tj
/T1_0 1 Tf
(. The contents of these )Tj
T*
(paragraphs are as outlined at the beginning of Chapter 2. )Tj
T*
( )Tj
T*
(The sections of this chapter are based on the organizational )Tj
T*
(structure of SOES. Each functional group, department, division, )Tj
T*
(branch and section which performs functions in support of SOES )Tj
T*
(Unemployment Insurance Bureau Operations was examined in the risk )Tj
T*
(analysis. Only those organizational elements which could have a )Tj
T*
(security or integrity related impact on Unemployment Insurance )Tj
T*
(Bureau Operations are specifically included in this chapter. )Tj
T*
( )Tj
T*
(Each group of organizational elements at one level appears after )Tj
T*
(the element at the next higher level. Thus Employer Audit Unit )Tj
T*
(and Program Integrity appear after Employer Audit and Review. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2 SOES, UNEMPLOYMENT INSURANCE BUREAU)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The SOES Unemployment Insurance Bureau Department is responsible )Tj
T*
(for all aspects of processing Unemployment Insurance Bureau )Tj
T*
(insurance claims in the state. The Department uses field offices )Tj
T*
(in Twoville, Threeville and Fourville in addition to its )Tj
T*
(headquarters staff in Capitaltown to accomplish its work. Data )Tj
T*
(processing services are provided by Turnkey Systems Inc., an )Tj
T*
(Unemployment Insurance Bureau contractor. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
229 0 obj[51 0 R]
endobj
230 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 46>>
endobj
231 0 obj 2644
endobj
232 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(3.2.1 UNEMPLOYMENT INSURANCE BUREAU CLAIMS )Tj
0 -1.2 TD
(OPERATIONS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This department is responsible for all aspects of claims )Tj
T*
(processing including direct data entry, adjustments and )Tj
T*
(overpayment processing, correspondence and telephone, cash )Tj
T*
(disposition accounting, eligibility checking of claimants and )Tj
T*
(benefit charging of employers. The work is done primarily in )Tj
T*
(field offices. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(3.2.1.1 FOURVILLE FIELD OFFICE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville field office is currently responsible for )Tj
T*
(Adjustments and Overpayments Processing and the direct data entry )Tj
T*
(of claims involving major employers. Eventually, Fourville is to )Tj
T*
(be responsible for all aspects of claims processing. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.1-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Wage record file is unprotected. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(19\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the secure storage of all media containing sensitive )Tj
0 -1.20001 TD
(data when it is not in use. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The Wage record file contains data on all persons in the SOES )Tj
T*
(service area who are potential Unemployment Insurance Bureau )Tj
T*
(claimants. Printed versions of portions of the file are kept in )Tj
T*
(open storage. It would be of significant commercial value to any )Tj
T*
(firm marketing products or services generally useful to )Tj
T*
(individuals in specific income brackets and is therefore subject )Tj
T*
(to misappropriation. It must be given proper protection under the \
)Tj
T*
(State Privacy Act of 1974. )Tj
T*
( )Tj
T*
(The problem exists at both the Twoville and Fourville field )Tj
T*
(offices. The numbers used in the analyses below reflect both )Tj
T*
(offices. The finding but not the analysis is repeated in Section )Tj
T*
(3.2.1.2 for cross-reference purposes. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
233 0 obj[51 0 R]
endobj
234 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 47>>
endobj
235 0 obj 2844
endobj
236 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(The Wage Record file is most susceptible to theft by a SOES )Tj
T*
(employee since it is stored in an area normally accessible only to \
)Tj
T*
(employees. However, the Twoville and Fourville field offices are )Tj
T*
(susceptible to unauthorized access in the early morning and late )Tj
T*
(afternoon \(see Section 2.7\). )Tj
T*
( )Tj
T*
(The known range of AFEs for theft from businesses is 1 to 50. )Tj
T*
(Considering the ease of theft in this case, as well as the fact )Tj
T*
(that there has been no previous record of thefts, we have selected \
)Tj
T*
(an AFE of 5. )Tj
T*
( )Tj
T*
(Although the Wage Record file has no intrinsic value and can )Tj
T*
(easily be replaced, there is a potential loss to SOES through a )Tj
T*
(State Privacy Act lawsuit filed by an Unemployment Insurance Bureau \
)Tj
T*
(claimant who will argue that SOES was negligent in protecting the )Tj
T*
(sensitive information entrusted to it. )Tj
T*
( )Tj
T*
(A study of known State Privacy Act cases shows that the likelihood \
)Tj
T*
(of a lawsuit is .0001 to .01 per year. Because of the ease of the \
)Tj
T*
(theft and the large volume of privacy data involved and because of \
)Tj
T*
(the fact that SOES has had no previous lawsuits of this nature, we \
)Tj
T*
(have selected an AFE of .001, in the middle of the range. The )Tj
T*
(cost to SOES might be as much as $20K for legal fees and $100K in )Tj
T*
(compensatory and punitive awards. )Tj
T*
( )Tj
T*
(The ALE is then $120K x 5 x .001 = $600 )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to control access to the Wage record )Tj
T*
(file during the day and store it in a locked filing cabinet at )Tj
0 -1.20001 TD
(other times. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The cost of this safeguard is estimated to be 15 minutes of staff )Tj
0 -1.20001 TD
(time per day or 52 x 5 x 1/4 = 65 hours per year. Using the wage )Tj
0 -1.2 TD
(rate for a general clerk of $4.75 per hour and an overhead rate of \
)Tj
T*
(25%, the total cost per year would be 65 hours x $4.75 per hour x )Tj
T*
(1.25 = $390. )Tj
T*
( )Tj
T*
(The safeguard would be expected to reduce the ALE by 90% to $60. )Tj
T*
( )Tj
T*
(The expected yearly savings would then be equal to the ALE )Tj
T*
(reduction minus the safeguard cost or \($600 - $60\) - $390 = $150. \
)Tj
T*
( )Tj
T*
(See the risk analysis worksheets in section B.7 of Appendix B. )Tj
ET
EMC
Q
endstream
endobj
237 0 obj[51 0 R]
endobj
238 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 48>>
endobj
239 0 obj 2847
endobj
240 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide secure storage for the Wage Record file at the Twoville )Tj
T*
(and Fourville field offices. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.1-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The outside entrance to the Fourville field office is unmonitored )Tj
T*
(during the early morning and late afternoon hours. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(2\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Control must also be maintained in other Unemployment Insurance )Tj
T*
(Bureau work areas over the presence of visitors, and the presence )Tj
T*
(of employees after normal working hours. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The reception area of the Fourville field office is separated from \
)Tj
T*
(the main work areas. Due to flextime work schedules, this area is \
)Tj
T*
(sometimes unstaffed during the early morning and late afternoon. )Tj
T*
(It would be simple for a person to walk in and conceal himself or )Tj
T*
(to steal a typewriter or other item of equipment from the )Tj
T*
(reception area during these times. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(It would be a relatively simple matter for a person to slip into )Tj
0 -1.2 TD
(the reception area unobserved and conceal himself until the SOES )Tj
0 -1.2 TD
(staff departed. The person could then disable the door open )Tj
0 -1.20001 TD
(sensors attached to the burglar alarm and remove a large quantity )Tj
0 -1.2 TD
(of expensive office equipment. The monthly lease cost of this )Tj
T*
(equipment which includes approximately 82 CRTs, 60 MDTs, a line )Tj
T*
(printer, a micrographics printer, 2 microfiche readers, and 2 16mm \
)Tj
T*
(printers is about $10K. )Tj
T*
( )Tj
T*
(The range of AFEs for theft \(from Finding 3.2.1.1-1\) )Tj
T*
(is 1 to 50. Because we are now considering the theft of )Tj
T*
(bulky equipment which would require some time to move and truck to \
)Tj
T*
(haul away, we will choose an AFE well below the top of the range. \
)Tj
T*
(Because of the ease of initial access to the facility, the AFE )Tj
T*
(must be above the bottom of the range. However, the need to )Tj
T*
(bypass the motion detectors which operate during non-business hours )Tj
T*
(complicates the situation and tends to hold the AFE close to the )Tj
T*
(bottom of the range. We thus select an AFE of 2. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
241 0 obj[51 0 R]
endobj
242 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 49>>
endobj
243 0 obj 2574
endobj
244 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(If the leased ADP equipment were stolen or damaged, SOES would be )Tj
0 -1.2 TD
(responsible for the payments for the remainder of the lease )Tj
T*
(period. This would be approximately 3 years and would amount to )Tj
T*
($360K. )Tj
T*
( )Tj
T*
(The ALE is then $360K x 2 = $720K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is either to ensure continuous staffing of \
)Tj
T*
(the reception area or to install a signaling device which will )Tj
T*
(sound when the entrance door is opened from the outside. )Tj
T*
( )Tj
T*
(Continuous staffing of the reception area is estimated to cost at )Tj
T*
(least one additional hour of staff time per day. Using the wage )Tj
T*
(rate for a general clerk of $4.75 per hour and the overhead rate )Tj
T*
(of 25% this would be 52 wks x 5 days/wk x 1 hr/day x $4.75/hour x )Tj
T*
(1.25 = $1,550 per year. )Tj
T*
( )Tj
T*
(The cost of installing a signaling device on the entrance door )Tj
T*
(would be a one-time charge of not more than $300. This is clearly \
)Tj
T*
(the more cost-effective safeguard. )Tj
T*
( )Tj
T*
(The ALE would be reduced to $0 by this safeguard. )Tj
T*
( )Tj
T*
(The savings to be expected over the standard 5-year amortization )Tj
T*
(period is then 3.79 x \($720K - $0\) - $300 = $2.7M. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.8 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Ensure that the reception area is staffed at all times when the )Tj
0 -1.2 TD
(main entrance door is unlocked. Alternatively, install a bell or )Tj
0 -1.2 TD
(other signaling device which will sound when the door is opened )Tj
0 -1.20001 TD
(from the outside. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(3.2.1.1.1. EMPLOYER'S CHARGE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The determination of charges to employers is carried out by this )Tj
T*
(unit. This unit also verifies the correctness of wage records in )Tj
T*
(disputed cases. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
ET
EMC
Q
endstream
endobj
245 0 obj[51 0 R]
endobj
246 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 50>>
endobj
247 0 obj<>
endobj
248 0 obj 2653
endobj
249 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(unit. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(3.2.1.1.2 ADJUSTMENTS AND OVERPAYMENTS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville field office currently performs all adjustments and )Tj
T*
(overpayments processing. This is done by three units operating )Tj
T*
(under a general supervisor. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.1.2-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(It is possible for an Adjustments and Overpayments processor to )Tj
T*
(reactivate and pay a claim or to make an adjustment to a claim in )Tj
T*
(a fraudulent manner. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(It is the function of the adjustments and overpayments processors )Tj
T*
(to make decisions to pay or deny claims in situations where human )Tj
T*
(evaluation of the circumstances is required. Although the )Tj
T*
(processors are relied upon to apply very detailed guidelines in )Tj
0 -1.20001 TD
(carrying out this function, they could easily abuse their )Tj
0 -1.2 TD
(authority and handle some claims in a fraudulent manner. The odds \
)Tj
0 -1.2 TD
(of being caught in a quality control audit would be non-zero but )Tj
0 -1.20001 TD
(small. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Although there has been no history of violation of trust by SOES )Tj
T*
(employees in the field offices, this is at least partially due to )Tj
T*
(the impossibility of carrying out a second party review of all )Tj
T*
(claims processing actions. )Tj
T*
( )Tj
T*
(The range of AFEs for fraud and abuse nationally is .006 to .09. )Tj
T*
( )Tj
T*
(There are approximately 10K adjustment/overpayment actions per day \
)Tj
T*
(or 10K x 5 x 52 = 2.6M per year. The standard for suspense )Tj
T*
(processing is between 61 and 69 claims per hour depending on the )Tj
T*
(location. Using 65 as an average, about 16 processors are )Tj
T*
(required to handle the workload. These processors are normally )Tj
ET
EMC
Q
endstream
endobj
250 0 obj[51 0 R]
endobj
251 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 51>>
endobj
252 0 obj<>
endobj
253 0 obj<>
endobj
254 0 obj 2698
endobj
255 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(audited at the rate of 50 to 100 claims per month or an average of \
)Tj
0 -1.2 TD
(75 x 12 = 900 per year. )Tj
T*
( )Tj
T*
(The likelihood of a single fraudulently processed claim being )Tj
T*
(audited is thus about \(900 x 16\) / 2.6M = 15.4K / 2.6M = .006. )Tj
T*
(This means that a processor would risk only 6 chances in 1,000 of )Tj
T*
(having a fraudulent claim reviewed by a second party. )Tj
T*
( )Tj
T*
(Because of the low risk involved, we select the AFE to be the top )Tj
T*
(of the range or .09. )Tj
T*
( )Tj
T*
(FBI statistics indicate that the average computer crime nets )Tj
T*
($500,000 for the perpetrator. This figure seems high for the )Tj
T*
(present situation and a large number of fraudulent transactions )Tj
T*
(would be required to reach it. A loss of $100K per year would be )Tj
T*
(a more reasonable upper bound on the amount that could be diverted \
)Tj
T*
(through fraudulent adjustments/overpayments processing. )Tj
T*
( )Tj
T*
(The ALE is then $100K x .09 = $9K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to apply the principle of separation of \
)Tj
T*
(duties. In order to convert Unemployment Insurance Bureau funds )Tj
T*
(to their own use, processors would have to change the payee )Tj
T*
(address associated with the claim. Such actions should be )Tj
T*
(isolated as privileged transactions and assigned to special )Tj
T*
(processors who are not authorized to carry out other types of )Tj
T*
(transactions. )Tj
T*
( )Tj
T*
(This safeguard would cost about 3 staff-months for procedure )Tj
T*
(redesign and another 3 staff-months for modifications to CUIS. We \
)Tj
0 -1.20001 TD
(use an annual salary of $30K and 100% overhead for programming )Tj
0 -1.2 TD
(modifications and a grade 34 salary plus 25% overhead for )Tj
0 -1.2 TD
(procedure redesign. This amounts to \(1/4 x $23,678 x 1.25\) + \(1/4 \
)Tj
0 -1.20001 TD
(x $30K x 2.0\) = $22K. )Tj
0 -1.2 TD
( )Tj
T*
(The ALE reduction would be about 90% yielding a reduced ALE of )Tj
T*
($900. )Tj
T*
( )Tj
T*
(The savings would be \($9K - $900\) x 3.79 - $22K = $9K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.9 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
256 0 obj[51 0 R]
endobj
257 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 52>>
endobj
258 0 obj 2488
endobj
259 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Apply separation of duties between adjustments and overpayments )Tj
0 -1.2 TD
(processing and other aspects of claims processing. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.1.3 ADJUDICATION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This unit is responsible for ensuring that Unemployment Insurance )Tj
T*
(Bureau claimants are eligible and that employers are properly )Tj
T*
(registered within the Unemployment Insurance Bureau program. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.1.4 CLERICAL SUPPORT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This unit provides administrative support to the Fourville field )Tj
T*
(office as well as support services for the Unemployment Insurance )Tj
T*
(Bureau claims processing operation. This includes management of )Tj
T*
(general office services such as copiers, vending machines, )Tj
T*
(janitorial services, etc.; management of paper and microfilm )Tj
T*
(records; and supervision of employee time and performance )Tj
T*
(accounting. )Tj
T*
( )Tj
T*
(We found no problem with the practices and procedures of this )Tj
T*
(unit. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(3.2.1.1.5 AUDITING/TRAINING)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(BACKGROUND AND INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(This unit is responsible for the quality control auditing of )Tj
T*
(claims processors as well as the functional training of newly )Tj
T*
(hired claims processors. The unit reports directly to the field )Tj
T*
(office manager. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.1.6 TSI SUPPORT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(TSI provides a trainee systems analyst at each Unemployment )Tj
T*
(Insurance Bureau field office to support claims processors when )Tj
ET
EMC
Q
endstream
endobj
260 0 obj[51 0 R]
endobj
261 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 53>>
endobj
262 0 obj 2338
endobj
263 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(software problems or local hardware problems arise. )Tj
0 -1.2 TD
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(analyst. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.1.7 PERSONNEL)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This unit, currently consisting of one person, provides all )Tj
T*
(personnel services for the Twoville and Fourville field offices. )Tj
T*
(The unit reports to Personnel at SOES HQ in Capitaltown. Roughly )Tj
T*
(half of the time is spent at Fourville and half at Twoville. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.2 TWOVILLE FIELD OFFICE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This field office is responsible for correspondence processing, )Tj
T*
(cash disposition accounting, telephone inquiries and direct data )Tj
T*
(entry of claims. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2-1 )Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Wage record file is unprotected. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(19\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the secure storage of all media containing sensitive )Tj
T*
(data when it is not in use. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(This problem is discussed under Finding 3.2.1.1-1. The numbers )Tj
0 -1.2 TD
(used in the Risk Analysis and Cost-Benefit Analysis paragraphs of )Tj
0 -1.20001 TD
(that finding cover both the Twoville and the Fourville field )Tj
0 -1.2 TD
(offices. Consequently, these paragraphs are omitted here. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide secure storage for the Wage Record file at the Twoville )Tj
T*
(and Fourville field offices. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Outside doors to the Twoville field office \(other than the main )Tj
ET
EMC
Q
endstream
endobj
264 0 obj[51 0 R]
endobj
265 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 54>>
endobj
266 0 obj 2602
endobj
267 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(entrance are unalarmed during business hours. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(2\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Control must also be maintained in other Unemployment Insurance )Tj
T*
(Bureau work areas over the presence of employees after normal )Tj
T*
(working hours. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Although there is a policy that doors other than the main entrance \
)Tj
T*
(door not be used by employees exiting the building, there is no )Tj
T*
(practical means of enforcing the policy. )Tj
T*
( )Tj
T*
(Because these doors can be used during the day, there is a )Tj
T*
(possibility that they will not be closed properly and that )Tj
T*
(unauthorized access to the facility will be made easier. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Although these unalarmed doors represent a security deficiency, it \
)Tj
T*
(would not be a straightforward matter to take advantage of the )Tj
T*
(situation. It would be possible for a person to wait for an )Tj
T*
(opportunity to gain access through these doors, but the time )Tj
T*
(required and the uncertainty of success would reduce the AFE to )Tj
T*
(the lower end of the scale. )Tj
T*
( )Tj
T*
(The range of AFEs for theft and unauthorized access is 1 to 50. )Tj
0 -1.20001 TD
(Consequently we choose 1 as the AFE. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(There are approximately 118 CRTs and 60 MDTs in the Twoville field \
)Tj
0 -1.20001 TD
(office with a lease cost of about $14K per month or $170K per )Tj
0 -1.2 TD
(year. )Tj
T*
( )Tj
T*
(With 3 years of lease payments remaining, the ALE for theft of )Tj
T*
(this equipment is then 3 x $170K x 1 = $510K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to install deadbolt locks on the doors )Tj
T*
(in question and issue keys to the employees who have an official )Tj
T*
(need for them. )Tj
T*
( )Tj
T*
(This safeguard would have a one-time cost of not more than $300 )Tj
T*
(and would reduce the ALE by 100% from $510K to $0. )Tj
T*
( )Tj
T*
(The savings would be 3.79 x \($510K - $0\) - $300 = $1.9M. )Tj
ET
EMC
Q
endstream
endobj
268 0 obj[51 0 R]
endobj
269 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 55>>
endobj
270 0 obj<>
endobj
271 0 obj 2462
endobj
272 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.10 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Install deadbolt locks on all but the main entrance door. Issue )Tj
T*
(keys to those who must use the doors in the conduct of their )Tj
T*
(official duties. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.2-3:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Dry chemical fire extinguishers are provided for work areas in )Tj
T*
(which CRT terminals are located. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137 J\(1\)\(C\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Avoid the use of carbon dioxide area extinguishing systems since )Tj
T*
(they present a significant safety hazard. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Dry chemical fire extinguishing agents will damage electronic )Tj
T*
(circuitry beyond repair. Other agents such as halon are equally )Tj
T*
(effective fire suppressants but will not cause any damage to )Tj
T*
(circuitry. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Use of dry chemical extinguishers would be detrimental only in )Tj
T*
(those fire situations in which electronic equipment would be saved \
)Tj
T*
(if non-destructive extinguishing agents were used. This would )Tj
T*
(include only small area fires detected soon after starting and )Tj
0 -1.20001 TD
(would involve at most 4 to 6 CRTs. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The AFE for a small fire occurring during business hours is .1. )Tj
0 -1.20001 TD
(This number results from data collected by State fire inspection )Tj
0 -1.2 TD
(authorities and from national data. )Tj
T*
( )Tj
T*
(The lease cost of 6 CRTs is about $750 per month or $27K for the 3 \
)Tj
T*
(years remaining in the agreement. This value would be totally )Tj
T*
(lost if the CRTs were sprayed with dry chemicals. There would be )Tj
T*
(no loss if halon were used. )Tj
T*
( )Tj
T*
(The ALE is thus $27K x .1 = $2.7K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
273 0 obj[51 0 R]
endobj
274 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 56>>
endobj
275 0 obj 2689
endobj
276 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(Replace the dry chemical extinguishers with halon extinguishers. )Tj
T*
(The cost will be about $200 each. Six extinguishers would then )Tj
T*
(cost $1,200. )Tj
T*
( )Tj
T*
(The ALE reduction would be 100%. The 5-year savings would then be \
)Tj
T*
(the amortized value of the 5-year loss reduction less the one-time \
)Tj
T*
(cost of the safeguard or 3.79 x $2.7K - $1,200 = $9K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.11 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Replace the dry chemical extinguishers with halon extinguishers. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.2-4:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Documents describing restricted access software are not given )Tj
T*
(special protection in the Twoville field office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the organization. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(The same documents which are kept under lock and key in the )Tj
0 -1.2 TD
(Fourville field office are not similarly protected in the Twoville \
)Tj
0 -1.2 TD
(field office. This reflects a lack of central control over )Tj
0 -1.20001 TD
(security procedures. It also represents a failure to restrict )Tj
0 -1.2 TD
(information which would give unauthorized persons the ability to )Tj
T*
(access restricted software and data. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The effect of this finding is to make it easier for unauthorized )Tj
T*
(persons to access restricted software. This software includes )Tj
T*
(WRK-PLN and PERF-MON which are not directly concerned with claims )Tj
T*
(processing but rather with workload planning and employee )Tj
T*
(performance. Unauthorized access would not result in an illegal )Tj
T*
(diversion of funds. It could possibly lead to intra-office )Tj
T*
(rivalries and ill feelings which would decrease the efficiency of )Tj
T*
(the staff. )Tj
T*
( )Tj
T*
(Using an average salary rate for claims processors of $5.50 per )Tj
ET
EMC
Q
endstream
endobj
277 0 obj[51 0 R]
endobj
278 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 57>>
endobj
279 0 obj 2594
endobj
280 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(hour, an overhead rate of 25% and a staff size of 105, the annual )Tj
0 -1.2 TD
(claims processing staff cost is 105 staff x 1.25 overhead x 52 )Tj
T*
(wks/yr x 5 days/wk x 8 hrs/day x $5.50/hr = $1.5M. )Tj
T*
( )Tj
T*
(A cut in efficiency of only 5% due to staff infighting would then )Tj
T*
(result in a loss of $1.5M x .05 = $75K per year, the ALE. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide proper protection for documents describing restricted )Tj
T*
(software. Although protecting the software by means of passwords )Tj
T*
(or user security profiles would be a more effective solution, it )Tj
T*
(would also be more costly. )Tj
T*
( )Tj
T*
(The existing documents should be stored in locked desks or )Tj
T*
(cabinets until it becomes cost-effective to implement password or )Tj
T*
(user profile protection. )Tj
T*
( )Tj
T*
(The cost of establishing and enforcing secure storage procedures )Tj
T*
(should not exceed 15 minutes per day of supervisor time. )Tj
T*
( )Tj
T*
(This would amount to 1/4 hr/day x 52 wks/yr x 5 days/wk x 1.25 )Tj
T*
(overhead x $7.35/hr = $600 per year. )Tj
T*
( )Tj
T*
(This safeguard should reduce the ALE to $0 because the target of )Tj
T*
(the threat is not sufficiently attractive for anyone to use much )Tj
T*
(effort in gaining access to it. )Tj
T*
( )Tj
T*
(The savings would then be \($75K - $0\) - $600 = $74K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.12 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Access to restricted software should be controlled through )Tj
0 -1.20001 TD
(passwords or user security profiles, not through the secrecy of )Tj
0 -1.2 TD
(operating procedures. In the present situation, the restricted )Tj
T*
(documents should be stored in locked desks or cabinets. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.1 DATA ENTRY)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The data entry function is organized into three operating units )Tj
T*
(and one auditing unit, all reporting to a general supervisor. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
281 0 obj[51 0 R]
endobj
282 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 58>>
endobj
283 0 obj 2810
endobj
284 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(We found no problems with the practices and procedures of the data \
)Tj
0 -1.2 TD
(entry units. Findings related to the auditing unit are discussed )Tj
T*
(in Section 3.2.1.2.5. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.2.2 CORRESPONDENCE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Correspondence processing comprises all activities involved in the \
)Tj
T*
(handling of written queries from Unemployment Insurance Bureau )Tj
T*
(employers, claimants and other interested parties. An online )Tj
T*
(subsystem of CUIS is used to generate automated responses to such )Tj
T*
(inquiries. )Tj
T*
( )Tj
T*
(There are two operating units, a control/microdata unit \(which )Tj
T*
(also services the cash disposition and data entry groups\) and an )Tj
T*
(auditing unit, all under a general supervisor. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of the )Tj
T*
(Correspondence units or the control/microdata unit. Findings )Tj
T*
(relating to the auditing unit are discussed in Section 3.2.1.2.5. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2.2-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Correspondence processors can divert claim payments from their )Tj
T*
(intended recipients in a variety of ways. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Organizations must employ effective measures, consistent with )Tj
0 -1.2 TD
(their operational environment, to limit the potential for )Tj
0 -1.20001 TD
(unassisted fraud. For example, a computer console operator should \
)Tj
0 -1.2 TD
(not be allowed to write programs and introduce them into the )Tj
T*
(system, or to introduce any programs not authorized by someone )Tj
T*
(responsible for the internal control, such as the tape librarian. \
)Tj
T*
(Further examples of the duties that should not be assigned the )Tj
T*
(same employee at the same time are scheduling, operating, )Tj
T*
(programming, storage, and library functions; nor should employees )Tj
T*
(be allowed to perform unassigned duties that might increase the )Tj
T*
(range of their activities. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The primary mechanism is the fraudulent address change. The )Tj
T*
(capability also exists for processors to restore the correct )Tj
T*
(address after payment has been made. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
285 0 obj[51 0 R]
endobj
286 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 59>>
endobj
287 0 obj 2459
endobj
288 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(There is a risk of being caught in a quality control audit but the \
)Tj
0 -1.2 TD
(risk is small. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This finding is essentially similar to Finding 3.2.1.1.2-1. )Tj
T*
(Because all claims processors have access to all aspects of claims \
)Tj
T*
(processing, it would be repetitive to assess separately potential )Tj
T*
(losses due to fraud by correspondence processors and adjustments )Tj
T*
(and overpayments processors. )Tj
T*
( )Tj
T*
(Consequently, the reader is referred to Finding 3.2.1.1.2-1 for )Tj
T*
(risk analysis calculations. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Determine patterns of claims processing transactions which would )Tj
T*
(be carried out when fraud was being attempted. Flag for special )Tj
T*
(review all claims to which these patterns apply. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.3 CASH DISPOSITION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The general supervisor of cash disposition also oversees the )Tj
T*
(Telephones Unit and an Auditing Unit. The Cash Disposition Unit )Tj
T*
(assists in Unemployment Insurance Bureau benefit fund accounting )Tj
T*
(by using an online CUIS subsystem to enter data related to )Tj
0 -1.20001 TD
(returned benefit payment checks, stale-dated checks, recouped )Tj
0 -1.2 TD
(overpayments, etc. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(No cash or checks are handled by this office except in rare )Tj
0 -1.2 TD
(instances when they are sent to Twoville by mistake instead of to )Tj
T*
(Capitaltown. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.2.3-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords controlling access to CUIS Cash Disposition functions )Tj
T*
(are not changed when employees who know them terminate their )Tj
T*
(employment. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(13\):)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
289 0 obj[51 0 R]
endobj
290 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 60>>
endobj
291 0 obj<>
endobj
292 0 obj 2594
endobj
293 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(prompt action must be taken to delete an employee's personal )Tj
T*
(identification number or other identifier from the system )Tj
T*
(authorization list or table when the employee no longer has the )Tj
T*
(authority to access a system \(e.g., after changing function or )Tj
T*
(leaving the organization.\) )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is discussed more generally in Finding 3.3-5 below. )Tj
T*
(Terminating employees could misuse their knowledge either for )Tj
T*
(personal gain or to get revenge for their perceived mistreatment )Tj
T*
(by SOES. )Tj
T*
( )Tj
T*
(The Risk Analysis and Cost-Benefit Analysis paragraphs are omitted \
)Tj
T*
(here because this problem is covered in the analysis of Finding )Tj
T*
(3.3-1. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All access control keys \(both logical and physical\) should be )Tj
T*
(returned to SOES or rendered unusable upon the termination of )Tj
T*
(employees who possess them. A password known to several )Tj
T*
(employees cannot be returned by the one who leaves; it must be )Tj
T*
(changed whenever any one of them leaves. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.2.3-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords controlling access to CUIS Cash Disposition functions )Tj
T*
(are sometimes written down by the clerks entrusted with them. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(RELATED CONTROL STANDARD 5137\(J\)\(12\):)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(Passwords must not be displayed on the video display terminals or )Tj
0 -1.2 TD
(hardcopy devices. Ensure that the computer operators, acting )Tj
T*
(without authority, are not able to display user programs or )Tj
T*
(circumvent security mechanisms. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(When written down, passwords become much more accessible to )Tj
T*
(unauthorized parties. A knowledgeable person would assume that )Tj
T*
(the password was written down and search the work area of the )Tj
T*
(employee who regularly uses it. Typical places to look would )Tj
T*
(include calendar pads, blotters and little slips of paper. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This is another finding relating to a lack of proper password )Tj
ET
EMC
Q
endstream
endobj
294 0 obj[51 0 R]
endobj
295 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 61>>
endobj
296 0 obj 2549
endobj
297 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(management. The risk analysis and cost-benefit analysis of this )Tj
0 -1.2 TD
(issue are contained in Finding 3.3-1. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Establish and enforce a policy that passwords are not to be )Tj
T*
(written down. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.2.3-3:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is no effective control over mail which may be addressed to )Tj
T*
(specific field office employees and which may contain checks made )Tj
T*
(out to those employees. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(K\)\(5\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(During non-working hours, Unemployment Insurance Bureau-related )Tj
T*
(work materials must be stored in a secure area, such as an entire )Tj
T*
(floor or room. In the event that this access control can be )Tj
T*
(achieved by securing the entire building, it is not necessary to )Tj
T*
(apply restrictive measures to individual locations within the )Tj
T*
(building. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Occasionally an Unemployment Insurance Bureau claimant will )Tj
T*
(attempt to reimburse SOES for an overpayment made on a claim by )Tj
T*
(writing a check to a specific SOES employee. In the absence of )Tj
0 -1.20001 TD
(controls, the employee can cash the check and pocket the money. )Tj
0 -1.2 TD
(He could do this with relative impunity when the overpaid amount )Tj
0 -1.2 TD
(is less than $50 because recoupment of such small amounts is not )Tj
0 -1.20001 TD
(pursued beyond the mailing of a single letter requesting )Tj
0 -1.2 TD
(repayment. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(An enterprising cash disposition clerk could attempt to increase )Tj
T*
(the likelihood that checks would be addressed to and/or made out )Tj
T*
(to him. He could then cash all such checks he received. )Tj
T*
( )Tj
T*
(In the worst case a clerk might manage to receive 100 checks per )Tj
T*
(year worth about $100 each for a total of $10K. )Tj
ET
EMC
Q
endstream
endobj
298 0 obj[51 0 R]
endobj
299 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 62>>
endobj
300 0 obj 2577
endobj
301 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(As this is not a difficult thing to do, we choose the AFE for this \
)Tj
T*
(form of fraud and abuse from the high end of the range, .09. )Tj
T*
( )Tj
T*
(The ALE is then $10K x .09 = $900. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(By requiring all staff members to open personally addressed mail )Tj
T*
(received at the office in the presence of a supervisor, the ALE )Tj
T*
(will be reduced by 95%. )Tj
T*
( )Tj
T*
(The reduced ALE will then be .05 x $900 = $45. )Tj
T*
( )Tj
T*
(The safeguard cost will be essentially zero. The resulting )Tj
T*
(savings is then $900 - $45 = $855 per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.13 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Require that mail addressed to individual employees be opened by )Tj
T*
(mailroom personnel or in the presence of a second party. Require )Tj
T*
(also that employees not intentionally direct personal mail to the )Tj
T*
(SOES address. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.4 TELEPHONES)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The Telephone unit operates under the same general supervisor as )Tj
0 -1.20001 TD
(the Cash Disposition Unit. The unit responds to telephone )Tj
0 -1.2 TD
(inquiries related to Unemployment Insurance Bureau claims. A Rolm \
)Tj
T*
(Automated Call Distribution \(ACD\) System detects incoming calls, \
)Tj
T*
(routes them to available unit personnel and places excess calls on \
)Tj
T*
(hold. The ACD System has a control keyboard and a CRT display. )Tj
T*
(It reports statistics on its operations. There are 12 eastern )Tj
T*
(state WATS lines, 4 western state WATS lines and 5 local lines. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.2.4-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Address changes are accepted from Unemployment Insurance Bureau )Tj
T*
(claimants over the telephone. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(13\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Make sure of the identity of outside personnel into whose )Tj
ET
EMC
Q
endstream
endobj
302 0 obj[51 0 R]
endobj
303 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 63>>
endobj
304 0 obj 2798
endobj
305 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(possession Unemployment Insurance Bureau data are to be released. )Tj
0 -1.2 TD
(Special attention should be given to release of personnel )Tj
T*
(information by telephone either within the organization or to the )Tj
T*
(people outside. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The address associated with the payee of a claim constitutes )Tj
T*
(sensitive information as it specifies where potentially large )Tj
T*
(amounts of money will be sent. Persons having the ability to )Tj
T*
(manipulate such address information in effect have the ability to )Tj
T*
(control the disbursement of Unemployment Insurance Bureau benefit )Tj
T*
(funds. )Tj
T*
( )Tj
T*
(To change a claimant's address by telephone, a caller must know )Tj
T*
(only the claimant's name, address and registration number, )Tj
T*
(information which is easily acquired. )Tj
T*
( )Tj
T*
(A clever swindler would find a way to get the necessary )Tj
T*
(information for a relatively large claim and change the address to \
)Tj
T*
(one not associated with him personally but which he could monitor )Tj
T*
(for delivery of the benefit check. When the check arrived, the )Tj
T*
(swindler would steal it from the mailbox unbeknownst to the owners \
)Tj
T*
(and cash it. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(To make such an operation worthwhile, a swindler would probably )Tj
T*
(target larger claims only. He could get the necessary information \
)Tj
T*
(by taking a janitorial job in a private employment service and )Tj
T*
(using his access to the facility to gain access to applicant )Tj
T*
(records. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(With careful planning, the swindler might divert 1,000 or more )Tj
0 -1.2 TD
(checks worth $100,000 total over a short period of time. The )Tj
0 -1.20001 TD
(operation would have to be abandoned by the time the intended )Tj
0 -1.2 TD
(payees reported non-receipt of their checks because the resulting )Tj
T*
(investigation would soon focus on the private employment service )Tj
T*
(itself. )Tj
T*
( )Tj
T*
(The same type of operation might be carried out over a longer )Tj
T*
(period of time at multiple facilities. In this case the swindler )Tj
T*
(would divert only one check from each facility in order to keep )Tj
T*
(his modus operandi secret. )Tj
T*
( )Tj
T*
(The AFE for fraud and abuse of .006 applies. The low end of the )Tj
ET
EMC
Q
endstream
endobj
306 0 obj[51 0 R]
endobj
307 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 64>>
endobj
308 0 obj 2778
endobj
309 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(scale is used because of the complicated nature of the fraudulent )Tj
0 -1.2 TD
(activity. )Tj
T*
( )Tj
T*
(The ALE is $100K x .006 = $600. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(One suggested safeguard is to require change of address requests to \
)Tj
T*
(be in writing over the signature of the claimant. This would foil \
)Tj
T*
(casual swindlers not willing to spend a lot of time and energy on )Tj
T*
(their attempted fraudulent activity, but it would not deter the )Tj
T*
(serious con artist described above who would have access not only )Tj
T*
(to the claimant's personal data but also to copies of his )Tj
T*
(signature. )Tj
T*
( )Tj
T*
(A more effective safeguard would be to issue each claimant a )Tj
T*
(secret password or number to be used as an authorizing code for )Tj
T*
(address changes and other transactions of import. Such a )Tj
T*
(mechanism is already being used by banks, especially those with )Tj
T*
(automated teller terminals. )Tj
T*
( )Tj
T*
(This latter safeguard should reduce the ALE by 95% to $30. )Tj
T*
( )Tj
T*
(The cost of the safeguard is estimated at 3 staff-months for )Tj
T*
(programming modifications to CUIS to generate, use and store the )Tj
T*
(secret codes, plus 1 staff-month of administrative time and $10K )Tj
T*
(for notification of the claimant. We have used $30K salary and )Tj
T*
(100% overhead for programming changes and a grade 30 salary and 25% \
)Tj
0 -1.20001 TD
(overhead for administrative time. This amounts to \(1/4 x $30K x )Tj
0 -1.2 TD
(2.0 + 1/12 x $19,947 x 1.25\) + $10K = $27K. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(This safeguard is clearly not cost-effective. A less expensive )Tj
0 -1.2 TD
(approach would be to record several items of information known )Tj
T*
(only to each claimant and ask the claimant to supply one or more )Tj
T*
(of these items when he requests an address change. The cost of )Tj
T*
(this safeguard would be about one man-week of programming at an )Tj
T*
(annual rate of $30K and 100% overhead or $30K x 2.0 x \(1/52\) = )Tj
T*
($1.2K. )Tj
T*
( )Tj
T*
(The ALE will be reduced by 95% to $30. )Tj
T*
( )Tj
T*
(The 5-year savings will be \($600 - $30\) x 3.79 - $1.2K = $1K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.14 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
310 0 obj[51 0 R]
endobj
311 0 obj<>
endobj
312 0 obj<>
endobj
313 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 65>>
endobj
314 0 obj<>
endobj
315 0 obj 2549
endobj
316 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(Use personal information known only to the claimant, not the name, )Tj
0 -1.2 TD
(address and registration number already needed to make the request, )Tj
T*
(to validate the caller's identity. Send notification of the address )Tj
T*
(change to the old address. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.2.5 AUDITING/TRAINING)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Auditing Unit for each functional area of operations at the )Tj
T*
(Twoville field office reports to the general supervisor for that )Tj
T*
(functional area. All auditing is for the purpose of quality )Tj
T*
(control. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2.5-1)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Auditors in the Twoville field office report to the heads of the )Tj
T*
(units they audit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(3\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Similar concepts of split duties must be used in critical controls )Tj
T*
(and financial functions. For example, special controls involving )Tj
T*
(more than one person must be established over blank and voided )Tj
T*
(checks. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is a conflict of interest when the supervisor of a )Tj
T*
(particular function also has control over the auditing of that )Tj
T*
(function. An overly ambitious supervisor could attempt to make )Tj
T*
(the performance of his people look better than it really was by )Tj
T*
(influencing the activity of the auditors. In particular, the )Tj
T*
(supervisors can prevent the auditors from increasing the level of )Tj
0 -1.20001 TD
(surveillance of particular employees. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(It is our opinion that audit activities should be totally )Tj
0 -1.20001 TD
(independent of the function being audited. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Because there is no opportunity here for direct material gain, we )Tj
T*
(select the AFE to be .006, the low end of the range for fraud and )Tj
T*
(abuse. )Tj
T*
( )Tj
T*
(If a supervisor is able to control the auditing activity and gain )Tj
T*
(access to the auditors' detailed work schedules, he might be able )Tj
T*
(to warn claims processors that a particular day's work will be )Tj
ET
EMC
Q
endstream
endobj
317 0 obj[51 0 R]
endobj
318 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 66>>
endobj
319 0 obj 2686
endobj
320 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(reviewed so that they can be at their best performance level. )Tj
0 -1.2 TD
( )Tj
T*
(For the remainder of the time the processors would naturally tend )Tj
T*
(to put speed ahead of quality, knowing that they will not be )Tj
T*
(audited and that incentive pay is available for exceeding the )Tj
T*
(production standards. )Tj
T*
( )Tj
T*
(The result would be an excessive error rate by all affected )Tj
T*
(processors on non-audit days. It would be reasonable to assume )Tj
T*
(that the excessive errors would require half an hour per day per )Tj
T*
(processor to correct. This means that 1/2 / 8 = 1/16 of each )Tj
T*
(processor's working time would be wasted. There are approximately )Tj
T*
(180 processors \(not counting the Telephones Unit\) at the Twoville \
)Tj
T*
(and Threeville field offices. Their average pay is about $5.50 )Tj
T*
(per hour. Using the overhead rate of 25%, their total yearly cost )Tj
T*
(to SOES is 180 processors x 1.25 overhead x $5.50/hr x 8 hrs/day x )Tj
T*
(5 days/wk x 52 wks/yr = $2.5M. )Tj
T*
( )Tj
T*
(The ALE is .006 x $2.5M = $15K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to reorganize the Twoville and Threeville field )Tj
T*
(offices so that the auditors report directly to the respective )Tj
T*
(office managers. This safeguard should have a negligible one-time )Tj
T*
(cost and should reduce the ALE by 95%. )Tj
T*
( )Tj
T*
(The savings will then be \($15K - $1.5K\) = $14K per year. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.15 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(The auditors should report directly to the field office manager. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.6 TSI SUPPORT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The TSI support function at Twoville is very similar to that at )Tj
T*
(Fourville. An onsite systems analyst trainee assists the field )Tj
T*
(office staff with software problems and local hardware problems. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of the TSI )Tj
T*
(support personnel at Twoville. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.7 PERSONNEL)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
321 0 obj[51 0 R]
endobj
322 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 67>>
endobj
323 0 obj 2323
endobj
324 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Personnel Unit \(1 person currently assigned\) handles all )Tj
T*
(personnel matters for the Fourville and Twoville field offices. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.3 THREEVILLE FIELD OFFICE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville field office is currently responsible for the )Tj
T*
(direct data entry of claims as well as the correspondence )Tj
T*
(processing associated with these claims. Eventually, Threeville )Tj
T*
(will handle all aspects of the processing of these claims. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The main entrance of the Threeville field office is not monitored )Tj
T*
(during the early morning and late afternoon. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(2\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Control must also be maintained in other Unemployment Insurance )Tj
T*
(Bureau work areas over the presence of visitors, and the presence )Tj
T*
(of employees after normal working hours. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is similar to that of Finding 3.2.1.1-2. Because the )Tj
T*
(Threeville field office has other physical access control )Tj
T*
(problems, however, all are treated together in Finding 2.7-4. The )Tj
T*
(risk analysis and cost-benefit analysis are omitted here as they )Tj
0 -1.20001 TD
(would be repetitive. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Ensure that the reception area is staffed at all times when the )Tj
T*
(main entrance door is unlocked. Alternatively, install a bell or )Tj
ET
EMC
Q
endstream
endobj
325 0 obj[51 0 R]
endobj
326 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 68>>
endobj
327 0 obj 2338
endobj
328 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(other signaling device which will sound when the door is opened )Tj
0 -1.2 TD
(from the outside. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Documents describing restricted access software are not given )Tj
T*
(special protection at the Threeville field office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All the Unemployment Insurance Bureau assets and related )Tj
T*
(operations must be secured against unauthorized access; this )Tj
T*
(includes sensitive data in transit within the organization. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is identical to that of Finding 3.2.1.2-4. The risk )Tj
T*
(analysis and cost-benefit analysis of that finding take both )Tj
T*
(Twoville and Threeville into account and are not repeated here. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Access to restricted software should be controlled through )Tj
0 -1.2 TD
(passwords or user security profiles, not through the secrecy of )Tj
0 -1.2 TD
(operating procedures. In the present situation, the restricted )Tj
0 -1.20001 TD
(documents should be stored in locked desks or cabinets. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(3.2.1.3.1 DATA ENTRY)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The direct data entry function is carried out by six units )Tj
T*
(currently operating under a single general supervisor. A )Tj
T*
(correspondence unit and a training and auditing unit also report )Tj
T*
(to the same supervisor. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.3.2 CORRESPONDENCE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
329 0 obj[51 0 R]
endobj
330 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 69>>
endobj
331 0 obj 2456
endobj
332 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(There is a single Correspondence Unit at Threeville which reports )Tj
T*
(to the same general supervisor as the six data entry units and the )Tj
T*
(Training and Auditing Unit. )Tj
T*
( )Tj
T*
(Problems related to correspondence processing are similar to those )Tj
T*
(at Twoville. See Section 3.2.1.2.2 for details. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.3.3 AUDITING AND TRAINING)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This unit performs quality control audits of the data entry and )Tj
T*
(correspondence functions and trains newly hired personnel in these )Tj
T*
(areas as well as in the auditing area. )Tj
T*
( )Tj
T*
(The unit reports to the same general supervisor as the six data )Tj
T*
(entry units and the Correspondence Unit. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(FINDING 3.2.1.3.3-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Correspondence Unit auditor reports directly to the head of )Tj
T*
(the Correspondence Unit at the Threeville field office. The data )Tj
T*
(entry auditors report to the General Supervisor of the data entry )Tj
T*
(units. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(4\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Similar concepts of split duties must be used in critical control )Tj
T*
(and financial functions. For example, special controls involving )Tj
T*
(more than one person must be established over blank and voided )Tj
0 -1.20001 TD
(checks. )Tj
0 -1.2 TD
( )Tj
/T1_0 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Supervision of both an operation and the auditing of that )Tj
T*
(operation represents a conflict of interest. This finding is )Tj
T*
(similar to finding 3.2.1.2.5-1. Supervisors of operational units )Tj
T*
(should not be allowed to challenge the activities of the auditors )Tj
T*
(as they can at the Threeville field office. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The analysis is done under Finding 3.2.1.2.5-1 and is not repeated )Tj
T*
(here. )Tj
ET
EMC
Q
endstream
endobj
333 0 obj[51 0 R]
endobj
334 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 70>>
endobj
335 0 obj<>
endobj
336 0 obj 2402
endobj
337 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(See Finding 3.2.1.2.5-1 )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All auditors should report directly to the field office manager. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3.3-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Training/Auditing supervisor must relinquish most auditing )Tj
T*
(responsibilities to the General Supervisor when training classes )Tj
T*
(are in session. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(4\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Similar concepts of split duties must be used in critical control )Tj
T*
(and financial functions. For example, special controls involving )Tj
T*
(more than one person must be established over blank and voided )Tj
T*
(checks. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The training and auditing workloads are too heavy for a single )Tj
T*
(person when training classes are in session. The General )Tj
T*
(Supervisor must assume the audit role at such times. This results )Tj
T*
(in a potentially non-uniform approach to auditing and a more )Tj
0 -1.20001 TD
(serious conflict of interest than is normally the case. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The finding is closely related to Finding 3.2.1.3.3-1. )Tj
0 -1.20001 TD
(Consequently, the risk analysis is not repeated here. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Assign the audit responsibility to a single person reporting )Tj
T*
(directly to the field office manager. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.3.4 TURNKEY SYSTEMS INC. \(TSI\) SUPPORT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(In addition to software and local hardware support, TSI provides )Tj
T*
(and staffs a data center at Threeville which is co-located with )Tj
T*
(the SOES field office. )Tj
T*
( )Tj
T*
(The data center operates two independent IBM 4341 mainframes which )Tj
ET
EMC
Q
endstream
endobj
338 0 obj[51 0 R]
endobj
339 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 71>>
endobj
340 0 obj 2901
endobj
341 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(accumulate transactions from Twoville, Threeville and Fourville as )Tj
0 -1.2 TD
(well as the other field offices and transmit them to the TSI Main )Tj
T*
(Data Center in Capitaltown. Each system can serve as backup for )Tj
T*
(the other. If the dedicated lines to Capitaltown go down, )Tj
T*
(connection can be re-established through a dial backup capability. \
)Tj
T*
(When the mainframe in Capitaltown is down, the Threeville Data )Tj
T*
(Center can continue to accept and store transactions until it is )Tj
T*
(brought online again. )Tj
T*
( )Tj
T*
(The overall systems design provides for such excellent backup that )Tj
T*
(loss of the data entry capability \(except due to power failure or )Tj
T*
(virtual destruction of the Threeville Data Center\) is extremely )Tj
T*
(unlikely. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3.4-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The backup A/C unit for the Threeville Data Center is not )Tj
T*
(periodically tested. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(Q\)\(4\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(In the event of a disaster or disruption, the computer facility )Tj
T*
(and the backup facility must have the capability to function )Tj
T*
(normally with minimal delay or lost processing time. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The backup A/C unit is on the roof. Although there was an )Tj
T*
(instance when the main A/C unit failed and the backup unit did not )Tj
T*
(respond, the backup unit is still not subjected to periodic )Tj
T*
(testing or rotated into regular operational use. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Failure of the backup A/C unit could force a halt to operation of )Tj
0 -1.20001 TD
(the Threeville Data Center. Experience has shown that with )Tj
0 -1.2 TD
(exhaust fans, the center can be operated for about three hours after )Tj
T*
(an A/C failure. That should be sufficient time for an A/C )Tj
T*
(serviceman to fix a minor problem. Major problems requiring )Tj
T*
(special parts may take longer. We estimate that such problems )Tj
T*
(can be expected once per year and will require a full day to )Tj
T*
(repair. Most of that time would be spent awaiting the arrival of )Tj
T*
(parts. The AFE is thus 1. The loss to SOES would be 5 hours of )Tj
T*
(processing which would then have to be done in overtime. The )Tj
T*
(additional cost would be half the regular pay of about 97 DDE )Tj
T*
(processors and 16 correspondence processors. The average hourly )Tj
ET
EMC
Q
endstream
endobj
342 0 obj[51 0 R]
endobj
343 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 72>>
endobj
344 0 obj 2432
endobj
345 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(rates are about $5.85 for DDE and $6 for Correspondence. )Tj
0 -1.2 TD
( )Tj
T*
(The loss would be 5 hrs x 1.25 overhead x [\(97 data entry )Tj
T*
(processors x $5.85/hr\) + \(16 corr. processors x $6.00/hr\)] = $4.1K. \
)Tj
T*
( )Tj
T*
(The ALE is thus $4.1K x 1 = $4.1K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Regular testing of the backup A/C unit will eliminate the problem )Tj
T*
(entirely and will cost a negligible amount. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0. The savings will be $4.1K per )Tj
T*
(year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.16 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Test the backup A/C unit on a regular basis. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3.4-2)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Visitor access records are not kept at the Threeville Data Center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(9\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Access to all EDP operation areas is to be controlled and a record )Tj
0 -1.20001 TD
(maintained of access by other than EDP operations personnel. )Tj
0 -1.2 TD
(\(Permanent onsite maintenance personnel and designated pickup and \
)Tj
0 -1.2 TD
(delivery personnel are considered "operations personnel".\) )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Without access records it is impossible to make a connection )Tj
T*
(between security violations discovered after the fact and the )Tj
T*
(presence of visitors who may have been responsible for the )Tj
T*
(violations. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Although no access records are kept, visitors to the Threeville )Tj
T*
(Data Center are few and generally have official business there. )Tj
T*
(It is very unlikely that such a visitor would attempt to cause any )Tj
T*
(harm. We assign an AFE of .001 taken from the low end of the )Tj
T*
(scale for terrorism and other destructive acts. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
346 0 obj[51 0 R]
endobj
347 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 73>>
endobj
348 0 obj 2439
endobj
349 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(Because we are examining a problem in which the presence or )Tj
0 -1.2 TD
(absence of visitor records is a determining factor, the damage )Tj
T*
(done by our hypothetical visitor would have to be such as not to )Tj
T*
(become evident until well after his departure, but this is not a )Tj
T*
(difficult matter. )Tj
T*
( )Tj
T*
(The loss to SOES would be the loss in processing time resulting )Tj
T*
(from any damage done to the Threeville Data Center. As much as )Tj
T*
(two weeks might be lost if a difficult to replace item of )Tj
T*
(equipment were involved. )Tj
T*
( )Tj
T*
(The cost to make up these two weeks in overtime would be 1.5 )Tj
T*
(overtime x \(130 staff\) x \(1.25 overhead\) x \(2 wks\) x \(40 hrs/wk\)\
x )Tj
T*
($6/hr = $117K. )Tj
T*
( )Tj
T*
(The ALE is then $117K x .001 = $120. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Visitor access records should be kept. The cost would be )Tj
T*
(negligible for such a small data center. The savings would result )Tj
T*
(from using the access records to trace the identity of a )Tj
T*
(malefactor and obtain restitution. Part of the restitution would )Tj
T*
(be the cost of the overtime operations made necessary by the )Tj
T*
(destructive act. )Tj
T*
( )Tj
T*
(The records would reduce the ALE by only 50% because it is not at )Tj
T*
(all certain that a problem can be connected with a particular )Tj
T*
(visitor even if his identity is known. )Tj
T*
( )Tj
T*
(The new ALE is $60. The savings will be \($120 - $60\) - $0 = $60 )Tj
T*
(per year. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.17 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Keep records of visitor access to the Threeville Data Center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3.4-3:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There are no underfloor water detectors at the Threeville Data )Tj
T*
(Center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(O\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
350 0 obj[51 0 R]
endobj
351 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 74>>
endobj
352 0 obj 2421
endobj
353 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Valuable equipment or sensitive data must be separated from )Tj
0 -1.2 TD
(hazards if other safeguards are not feasible or cost effective )Tj
T*
(\(e.g., relocate kitchen out from under computer room or tape )Tj
T*
(library away from heating plant boilers.\) )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The risk analysis for this finding is included under Finding 2.2-1 )Tj
T*
(and is not repeated here. This finding is especially significant )Tj
T*
(in light of the potential for flooding at the Threeville field )Tj
T*
(office location identified in Finding 2.2-1. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Install underfloor water detectors at the Threeville Data Center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.3.5 PERSONNEL)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Personnel services at Threeville are provided by a representative )Tj
0 -1.2 TD
(who reports to the Sixville area office of SOES. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(We found no problems in the practices and procedures of this unit. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(3.2.2 UNEMPLOYMENT INSURANCE BUREAU MANAGEMENT SERVICES)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This group oversees the generation and distribution of about 30 )Tj
T*
(periodically produced reports required by DOL/UIS and SOES. All )Tj
T*
(are derived from computer output. )Tj
T*
( )Tj
T*
(The group is also responsible for the development, maintenance and )Tj
T*
(enhancement of the detailed claims processing procedures used in )Tj
T*
(headquarters and the three field offices. )Tj
T*
( )Tj
T*
(Management Services is additionally developing and marketing two )Tj
T*
(electronic claims submission systems. One will allow employers to )Tj
ET
EMC
Q
endstream
endobj
354 0 obj[51 0 R]
endobj
355 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 75>>
endobj
356 0 obj<>
endobj
357 0 obj 2626
endobj
358 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(submit wage record data on magnetic tape. The other will allow )Tj
0 -1.2 TD
(them to submit the data online via telephone. )Tj
T*
( )Tj
T*
(Unemployment Insurance Bureau Management Services also acts as an )Tj
T*
(interface between the SOES Unemployment Insurance Bureau and TSI )Tj
T*
(for directing the CUIS development, enhancement and maintenance )Tj
T*
(functions. The group coordinates and approves change requests )Tj
T*
(within SOES, transmits them to TSI and monitors and evaluates the )Tj
T*
(resulting programming effort. )Tj
T*
( )Tj
T*
(The group is lastly responsible for the maintenance of various )Tj
T*
(computer files including employer and claimant correspondence and )Tj
T*
(the full range of edit and audit tests which are applied to all )Tj
T*
(incoming Unemployment Insurance Bureau claims. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.3 LIAISON AND EMPLOYER AUDIT AND REVIEW)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This group acts as an interface between the Unemployment Insurance )Tj
T*
(Bureau and all other organizational elements including DOL/UIS and )Tj
T*
(other SOES departments such as Accounting which provide services )Tj
T*
(to the Unemployment Insurance Bureau. )Tj
T*
( )Tj
T*
(The group also conducts fair hearings on appeals by claimants of )Tj
T*
(the handling of Unemployment Insurance Bureau claims. )Tj
T*
( )Tj
T*
(In the area of employer audit and review, the group performs )Tj
T*
(initial reviews and periodic audits. It also operates a Program )Tj
0 -1.20001 TD
(Integrity Unit to collect information on instances of fraud and )Tj
0 -1.2 TD
(abuse and pass it on to the appropriate authorities. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(3.2.3.1 EMPLOYER AUDIT AND REVIEW)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This Section consists of the Initial Employer Review Unit, )Tj
T*
(Employer Audit Unit, and the Program Integrity Unit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.3.1.1 INITIAL EMPLOYER REVIEW UNIT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
359 0 obj[51 0 R]
endobj
360 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 76>>
endobj
361 0 obj<>
endobj
362 0 obj 2768
endobj
363 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(This unit collects profile, staffing and salary data on new )Tj
0 -1.2 TD
(employers and enters it into the computer system through CUIS. A )Tj
T*
(profile analysis program then compares this data to statistical )Tj
T*
(averages of data initially supplied by employers later caught in a )Tj
T*
(variety of fraudulent schemes. The program assigns a risk code )Tj
T*
(which then controls the triggering of future reviews of the )Tj
T*
(employer. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.3.1.2 EMPLOYER AUDIT UNIT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This unit carries out reviews of wage record reporting and tax )Tj
T*
(payments which fail the CUIS audit criteria and of claims )Tj
T*
(involving employers who are on review because of suspected )Tj
T*
(irregularities in their tax payment procedures. )Tj
T*
( )Tj
T*
(When a discrepancy is found, the employer involved may be referred )Tj
T*
(to a reviewer, placed on chargeable claims review, or referred to )Tj
T*
(Program Integrity. Alternatively, recoupment action may be )Tj
T*
(initiated or consultation may be sought with the offending )Tj
T*
(claimant. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.3.1.2-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(It would be possible for a reviewer to form a conspiracy for )Tj
0 -1.2 TD
(purposes of fraud with an employer for whom he is responsible. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RELATED CONTROL STANDARD 5137\(C\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. For example, a computer console operator should )Tj
T*
(not be allowed to write programs and introduce them into the )Tj
T*
(system, or to introduce any programs not authorized by someone )Tj
T*
(responsible for internal control, such as the tape librarian. )Tj
T*
( )Tj
T*
(Further examples of duties that should not be assigned to the same )Tj
T*
(employee at the same time are scheduling, operating, programming, )Tj
T*
(storage, and the library functions; nor should employees be )Tj
T*
(allowed to perform unassigned duties that might increase their )Tj
T*
(range of activities. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
364 0 obj[51 0 R]
endobj
365 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 77>>
endobj
366 0 obj 2568
endobj
367 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(In most situations, a SOES employer reviewer could not conspire )Tj
T*
(with an outsider to process claims in a fraudulent manner because )Tj
T*
(he could not guarantee that the fraudulent claims would be )Tj
T*
(assigned to him for review. )Tj
T*
( )Tj
T*
(However, for some industries, there is only one reviewer assigned. \
)Tj
T*
(When a claim deals with a particular industry, the one qualified )Tj
T*
(reviewer is assured of processing it. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The potential for fraud here is estimated at $100K per year. This )Tj
T*
(figure is obtained by estimating the size and number of claims )Tj
T*
(that would be fraudulently processed in the course of a year. )Tj
T*
(Small claims would not be worth the effort. An excessive number )Tj
T*
(of claims would be dangerous. We have estimated 1000 claims per )Tj
T*
(year at $100 each. )Tj
T*
( )Tj
T*
(Because of the need for a conspiracy in this case, an AFE of .006 )Tj
T*
(has been chosen, the low end of the range for fraud and abuse. )Tj
T*
( )Tj
T*
(The ALE is $100K x .006 = $600. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Ensure that more than one reviewer is available for each industry. )Tj
T*
(This will create an effective separation of duties in that no one )Tj
T*
(person will then have full control over one particular aspect of )Tj
T*
(employer review. )Tj
T*
( )Tj
T*
(The cost of adding reviewer staff should be negligible as all are )Tj
0 -1.20001 TD
(paid on the basis of work done, not as full-time employees of )Tj
0 -1.2 TD
(SOES. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(This safeguard should reduce the AFE by 75%. Even with additional )Tj
0 -1.2 TD
(reviewers, some claims will find their way to a conspirator. )Tj
T*
(Those that do not will most likely be denied if they are )Tj
T*
(unjustified. )Tj
T*
( )Tj
T*
(Because of this possibility of denial, fraudulent claims will have )Tj
T*
(to be more subtly prepared and less frequently submitted. The new )Tj
T*
(ALE would be 200 claims x $100 per claim x \(.006 x .25\) = $30. )Tj
T*
( )Tj
T*
(The savings will be \($600 - $30\) = $570. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
368 0 obj[51 0 R]
endobj
369 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 78>>
endobj
370 0 obj 2385
endobj
371 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(See the risk analysis worksheets in Section B.18 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide more than one possible processor for each aspect of claims )Tj
T*
(processing. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3.1.3 PROGRAM INTEGRITY)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Program Integrity collects information from all available sources )Tj
T*
(concerning fraud and abuse in the Unemployment Insurance program. )Tj
T*
(About 440 cases per year are handled. Of these, 380 prove to be )Tj
T*
(false alarms. The remaining 60 are reported to the State )Tj
T*
(Department of Justice \(SDOJ\). Of these, 10 are eventually cleared \
)Tj
T*
(and SDOJ directs SOES to pursue recoupment in the other 50. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3.2 LIAISON)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This group acts as an interface between the Unemployment Insurance )Tj
T*
(Bureau and other organizational elements having dealings with or )Tj
T*
(providing services to the Unemployment Insurance Bureau. This )Tj
0 -1.20001 TD
(includes other SOES departments, DOL/UIS and other external )Tj
0 -1.2 TD
(groups. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(The group also processes appeals of Unemployment Insurance Bureau )Tj
0 -1.2 TD
(claims dispositions through the Fair Hearings Section. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3.2.1 LIAISON)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This section provides the interface with other elements described )Tj
T*
(in Section 3.2.3.2. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3.2.2 FAIR HEARINGS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
372 0 obj[51 0 R]
endobj
373 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 79>>
endobj
374 0 obj 2472
endobj
375 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(This section processes appeals of claim dispositions by )Tj
T*
(Unemployment Insurance Bureau claimants and payees. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.4 EMPLOYER TAX RECORDS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This office serves all of SOES's programs. It maintains an )Tj
T*
(integrated Master Employer File which contains information about )Tj
T*
(employers. The office is responsible for deleting employers as )Tj
T*
(well as updating information on employers already in the file. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.4-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is no effective control to ensure that employers who cease )Tj
T*
(doing business or leave the area are purged from the Master )Tj
T*
(Employer File. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(B\)\(3\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Unemployment Insurance Bureau must establish a retention )Tj
T*
(schedule monitoring procedure for all UI data. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Employers who remain on the master file although they are no )Tj
T*
(longer active in the area could be impersonated by individuals )Tj
T*
(attempting to defraud the Unemployment Insurance Bureau benefit )Tj
0 -1.20001 TD
(payment fund. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Currently, employers are removed from the file as a result of )Tj
0 -1.20001 TD
(returned mail and information received from employer review field )Tj
0 -1.2 TD
(contacts. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Lists of employers who have ceased doing business in the State and )Tj
T*
(are potentially still on the Master Employer File can be obtained )Tj
T*
(in a variety of ways requiring only a little ingenuity and effort. \
)Tj
T*
(For example, most telephone books have lists of employers by trade )Tj
T*
(in the Yellow Pages. A comparison of the current and previous )Tj
T*
(editions would provide the desired information. )Tj
ET
EMC
Q
endstream
endobj
376 0 obj[51 0 R]
endobj
377 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 80>>
endobj
378 0 obj<>
endobj
379 0 obj 2600
endobj
380 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(An inquiry to SOES by a concerned claimant might then confirm that )Tj
T*
(an employer is still on file. )Tj
T*
( )Tj
T*
(Continuing in this fashion, it would be possible to acquire all )Tj
T*
(the information necessary to use a departed employer for the )Tj
T*
(purpose of filing phoney claims. )Tj
T*
( )Tj
T*
(As before, a reasonable tradeoff on the total number and size of )Tj
T*
(claims filed in this manner would be about 1,000 claims per year )Tj
T*
(at $100 per claim or $100K per year. The middle of the frequency )Tj
T*
(scale for fraud and abuse yields an AFE of .03. )Tj
T*
( )Tj
T*
(The ALE is then $100K x .03 = $3K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to devise a set of procedures to ensure the )Tj
T*
(currency of the Master Employer File. This might include periodic )Tj
T*
(verifications that employers are still doing business in The State )Tj
T*
(and could be done on the basis of the potential for fraud )Tj
T*
(presented by the dollar volume of Unemployment Insurance Bureau )Tj
T*
(claims being filed by the terminated employees of particular )Tj
T*
(employers. We estimate that this safeguard would cost two staff- )Tj
T*
(weeks of development effort at the grade 32 level and one hour per )Tj
T*
(day of CRT operations at the OE level to process the verification )Tj
T*
(transactions. )Tj
T*
( )Tj
0 -1.20001 TD
(The cost would be 1.25 overhead x 80 hrs x $10.44/hr = $1K for )Tj
0 -1.2 TD
(development \(one-time\) and 1.25 overhead x 5 days/wk x 52 weeks x 1 \
)Tj
0 -1.2 TD
(hr/day x $7.45/hr = $2.4K per year for verification processing. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The ALE will be reduced by 90% to $300. )Tj
T*
( )Tj
T*
(The 5-year savings will be 3.79 x $3K - 3.79 x $300 - 3.79 x $2.4K )Tj
T*
(- $1K = $160. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.19 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Investigate ways to improve the accuracy and currency of the )Tj
T*
(Master Employer File. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.4-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Although signatures are required on documents requesting Master )Tj
ET
EMC
Q
endstream
endobj
381 0 obj[51 0 R]
endobj
382 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 81>>
endobj
383 0 obj 2616
endobj
384 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(Employer File updates, the signatures are not verified. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(K\)\(5\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Establish appropriate controls over all sensitive data entering or )Tj
T*
(leaving the facility, employing a system that will preclude )Tj
T*
(erroneous or unauthorized transfer of data, regardless of media or )Tj
T*
(format. These controls must include the maintenance of a record )Tj
T*
(for the logging of shipping and receipts, and periodic )Tj
T*
(reconciliation of these records. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Without verification, impostors could cause changes to be made to )Tj
T*
(the Master Employer File which result in funds being diverted from )Tj
T*
(the intended recipients. Signature verification does not require )Tj
T*
(professional handwriting analysis. It is done as a matter of )Tj
T*
(course by store clerks who receive checks from customers. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This finding goes hand-in-hand with Finding 3.2.4-1 above. Once a )Tj
T*
(swindler determines the name of an employer he can exploit, he )Tj
T*
(must change the employer's address so that he can control )Tj
T*
(correspondence with SOES. The approach he takes will depend on )Tj
T*
(whether or not he has access to legitimate Unemployment Insurance )Tj
T*
(Bureau claimants as well as other considerations. )Tj
T*
( )Tj
T*
(We feel that the two findings are so closely related that separate )Tj
T*
(risk analyses would unreasonably inflate the loss potential )Tj
T*
(associated with inadequacies in Master Employer File management. )Tj
T*
(Consequently, the quantification of this finding is included in )Tj
0 -1.20001 TD
(finding 3.2.4-1. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Verify signatures on Master Employer File update requests. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.3 TURNKEY SYSTEMS INC. SOFTWARE SUPPORT \(HEADQUARTERS\))Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
385 0 obj[51 0 R]
endobj
386 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 82>>
endobj
387 0 obj 3021
endobj
388 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(This TSI group operates under Unemployment Insurance Bureau )Tj
0 -1.2 TD
(contract to provide all software support services for the )Tj
T*
(Comprehensive Unemployment Insurance System \(CUIS\). CUIS consists \
)Tj
T*
(of a number of online and batch subsystems. There are about 1,680 )Tj
T*
(modules in CUIS, 70% of which are in assembly language and 30% in )Tj
T*
(COBOL. Altogether, there are about 4.2 million lines of source )Tj
T*
(code in CUIS. )Tj
T*
( )Tj
T*
(The TSI Software Support Group consists of three )Tj
T*
(development/maintenance teams in Capitaltown, three teams in )Tj
T*
(Sevenville, an Industrial Engineer, a Customer Support Unit which )Tj
T*
(provides onsite technical assistance in the field offices and the )Tj
T*
(Threeville Data Center staff. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.3-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is no effective separation between CUIS development, testing )Tj
T*
(and maintenance activities and production operations. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(1\): )Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. For example, a computer console operator should )Tj
T*
(not be allowed to write programs and introduce them into the )Tj
T*
(system, or to introduce programs not authorized by someone )Tj
T*
(responsible for internal control, such as a tape librarian. )Tj
T*
(Further examples of duties that should not be assigned the same )Tj
0 -1.20001 TD
(employee at the same time are scheduling, operating, programming, )Tj
0 -1.2 TD
(storage, and the library functions; nor should employees be )Tj
0 -1.2 TD
(allowed to perform unassigned duties that might increase the range )Tj
0 -1.20001 TD
(of their activities. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(3\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Test data must not contain actual information which can be linked )Tj
T*
(to specific individuals. If old files containing personal data )Tj
T*
(are used, names, addresses, and other identifiers must be modified )Tj
T*
(to make the personal data meaningless, unless a parallel )Tj
T*
(production run is being performed using live data. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Separation of duties is an important control which can be used to )Tj
T*
(hinder fraud and abuse by employees. It requires that no single )Tj
T*
(employee be given )Tj
/T1_1 1 Tf
(all)Tj
/T1_0 1 Tf
( the authorities that would be )Tj
T*
(necessary to transfer assets outside the organization or to make )Tj
ET
EMC
Q
endstream
endobj
389 0 obj[51 0 R]
endobj
390 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 83>>
endobj
391 0 obj 2830
endobj
392 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(changes in operational procedures or the controls over operational )Tj
0 -1.2 TD
(procedures. )Tj
T*
( )Tj
T*
(If a single employee had the ability to write a check on Bureau )Tj
T*
(funds, for example, he could convert those funds to his own use. )Tj
T*
( )Tj
T*
(If a single employee had the authority to modify the code of the )Tj
T*
(CUIS system )Tj
/T1_1 1 Tf
(and)Tj
/T1_0 1 Tf
( to enter transactions which would result )Tj
T*
(in the payment of Unemployment Insurance Bureau benefits, he )Tj
T*
(could easily arrange for his own fraudulent claims to bypass )Tj
T*
(edits and audits and be paid. )Tj
T*
( )Tj
T*
(If, however, such critical duties and authorities are split among )Tj
T*
(two or more employees, collusion will be required in order to )Tj
T*
(defraud the organization successfully. It is always more )Tj
T*
(difficult to effect a criminal partnership than to operate alone. )Tj
T*
(One can never be certain that a co-worker will not immediately )Tj
T*
(report an attempt to solicit his assistance in a criminal venture. )Tj
T*
( )Tj
T*
(Even if a partnership can be successfully formed, all parties must )Tj
T*
(be constantly concerned about the possibility of being double- )Tj
T*
(crossed or betrayed. )Tj
T*
( )Tj
T*
(The issue of this finding is that separation of duties is not )Tj
T*
(effectively used to isolate software development, maintenance and )Tj
T*
(testing activities from production operations. )Tj
T*
( )Tj
T*
(It is generally accepted good practice to assure that all )Tj
T*
(production software is approved by two or more )Tj
T*
(development/maintenance analysts prior to being placed into )Tj
T*
(production and that one in production those analysts be restricted )Tj
T*
(from further modifying the software. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The development/maintenance personnel should at no time have )Tj
0 -1.2 TD
(access to the production data files. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Modifications should be triggered only by an assessment from the )Tj
T*
(user or production operations personnel that the software is not )Tj
T*
(functioning properly or that changes are required. )Tj
T*
( )Tj
T*
(When such an assessment is made, copies of the affected production )Tj
T*
(software modules should be passed by production operations to )Tj
T*
(development/maintenance personnel. The same formal approval cycle )Tj
T*
(is then used again in returning these modules to production after )Tj
T*
(they have been modified and tested. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
393 0 obj[51 0 R]
endobj
394 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 84>>
endobj
395 0 obj 3122
endobj
396 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(In the case of SOES Unemployment Insurance Bureau Operations, the )Tj
0 -1.2 TD
(TSI personnel who develop, maintain and test CUIS also have full )Tj
T*
(access to the operational Unemployment Insurance Bureau data )Tj
T*
(files. It is also possible for a single TSI analyst to make code )Tj
T*
(modifications to CUIS without review by a second party. Although )Tj
T*
(the analyst could not personally insert the modifications into the )Tj
T*
(production software library directly, he could obtain all the )Tj
T*
(necessary approvals based on his word and on the success of )Tj
T*
(testing. )Tj
T*
( )Tj
T*
(It would thus be possible for a software analyst to make )Tj
T*
(surreptitious changes to CUIS which would leave CUIS with its full )Tj
T*
(intended functionality but which would also allow the analyst to )Tj
T*
(subvert the system under circumstances known only to him. We do )Tj
T*
(not mean to imply that any personnel currently working with CUIS )Tj
T*
(would abuse their position in this way. We do mean to state that )Tj
T*
(the controls necessary to prevent such an abuse of trust are not )Tj
T*
(present. )Tj
T*
( )Tj
T*
(As an example of how an unscrupulous software analyst might )Tj
T*
(proceed, consider the following scenario. The analyst, intent on )Tj
T*
(defrauding the system; uses his knowledge of CUIS to determine )Tj
T*
(what kinds of changes would help him and where in CUIS those )Tj
T*
(changes would have to be applied. After forming a list of such )Tj
T*
(potential changes, he waits until he is assigned a small )Tj
T*
(maintenance task \(one not likely to be reviewed by other analysts\) \
)Tj
T*
(involving the module or modules he wishes to change. He then )Tj
T*
(makes the required changes as well as his own secret changes. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The secret changes will be such that they will have no effect on )Tj
0 -1.2 TD
(CUIS operation unless invoked by a predetermined pattern of claims )Tj
0 -1.20001 TD
(data, a special codeword entered at a CRT terminal or some other )Tj
0 -1.2 TD
(circumstance unlikely to arise by chance. )Tj
T*
( )Tj
T*
(Consequently, testing will not reveal the presence of the secret )Tj
T*
(changes. Because the changes are not desk-checked by a second )Tj
T*
(analyst, they will not be discovered and will be installed in the )Tj
T*
(production CUIS system. )Tj
T*
( )Tj
T*
(The analyst can then use his ability to enter transactions into )Tj
T*
(the production CUIS system to put his secret changes to work. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Because of the lack of separation of access to CUIS production )Tj
T*
(software and Unemployment Insurance Bureau data files, the )Tj
T*
(Unemployment Insurance Bureau benefit fund is vulnerable to fraud )Tj
ET
EMC
Q
endstream
endobj
397 0 obj[51 0 R]
endobj
398 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 85>>
endobj
399 0 obj<>
endobj
400 0 obj 2515
endobj
401 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(and abuse by software support personnel. )Tj
0 -1.2 TD
( )Tj
T*
(The loss potential in this case is the full $500K reported by the )Tj
T*
(FBI to be the average loss resulting from a computer fraud. We )Tj
T*
(use the higher figure here because of the unique potential for )Tj
T*
(abuse resulting from the accessibility of both CUIS programs and )Tj
T*
(Unemployment Insurance Bureau data files. )Tj
T*
( )Tj
T*
(The AFE taken from the middle of the range of frequencies for )Tj
T*
(fraud and abuse is .03. )Tj
T*
( )Tj
T*
(The ALE is $500K x .03 = $15K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to apply the principle of separation of )Tj
T*
(duties. TSI software support personnel should have full access to )Tj
T*
(the development version of the CUIS software but not to the )Tj
T*
(production version and not to the production Unemployment )Tj
T*
(Insurance Bureau data files. )Tj
T*
( )Tj
T*
(Data file access should be limited to SOES personnel and/or TSI )Tj
T*
(personnel who do not have access to the CUIS software. )Tj
T*
( )Tj
T*
(Achieving the goal of separation of duties in the software area )Tj
T*
(will require an analysis of the present situation, a plan for )Tj
T*
(realignment of activities and possibly some additional staff time. )Tj
T*
( )Tj
T*
(We estimate the cost to be 3 staff-months of analysis and planning )Tj
T*
(and one staff member quarter-time to coordinate software support )Tj
T*
(with data file access. )Tj
T*
( )Tj
0 -1.20001 TD
(We have used a salary of $30K and 100% overhead for the analysis )Tj
0 -1.2 TD
(and planning task and a grade 30 salary with 25% overhead for the )Tj
0 -1.2 TD
(coordination tasks. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The safeguard thus has a one-time cost of 1/4 yr x 2.0 overhead x )Tj
T*
($30K/yr = $15K and a continuing cost of 1/4 yr x 1.25 overhead x )Tj
T*
($19,947/yr = $6.2K. )Tj
T*
( )Tj
T*
(The ALE should be reduced by 90% to $1.5K. )Tj
T*
( )Tj
T*
(The 5-year savings will be 3.79 x \($15K - $1.5K\) - 3.79 x $6.2K - \
)Tj
T*
($15K = $13K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.20 of Appendix B. )Tj
ET
EMC
Q
endstream
endobj
402 0 obj[51 0 R]
endobj
403 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 86>>
endobj
404 0 obj 2555
endobj
405 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the effective separation of the development )Tj
T*
(maintenance and testing of application systems and the production )Tj
T*
(operation of those systems. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.3-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(It is possible for a single person to carry out all steps )Tj
T*
(necessary to insert a software modification into the production )Tj
T*
(CUIS system without independent review. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. For example, a computer console operator should )Tj
T*
(not be allowed to write programs not authorized by someone )Tj
T*
(responsible for internal control, such as the tape librarian. )Tj
T*
(Further examples of duties that should not be assigned to the same )Tj
T*
(employee at the same time are scheduling, operating, programming, )Tj
T*
(storage, and library functions; nor should employees be allowed to )Tj
T*
(perform unassigned duties that might increase the range of their )Tj
T*
(activities. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(This finding actually represents one aspect of Finding 3.3-1 )Tj
0 -1.2 TD
(above. It is listed separately because it can be addressed )Tj
0 -1.2 TD
(separately. However, for risk analysis purposes, this finding )Tj
0 -1.20001 TD
(will be treated as part of Finding 3.3-1. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Ensure that all changes, additions and deletions to production )Tj
T*
(CUIS software are reviewed by at least one analyst not involved in )Tj
T*
(their preparation. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.3-3:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Journalization of CUIS transactions is incomplete. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(H\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Every attempt to update the data file must be logged to both the )Tj
T*
(location and the individual doing the updating. The log or the )Tj
ET
EMC
Q
endstream
endobj
406 0 obj[51 0 R]
endobj
407 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 87>>
endobj
408 0 obj 2502
endobj
409 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(journal must show what information was changed and the date. Such )Tj
0 -1.2 TD
(journals must be periodically reviewed. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(To provide for full data integrity it is necessary that every data )Tj
T*
(item be traceable from its time of original entry, through all )Tj
T*
(intermediate changes up to whatever time an inquiry is made. This )Tj
T*
(means that every transaction resulting in a change to the data )Tj
T*
(item must be recorded along with the ID of the person entering it. )Tj
T*
( )Tj
T*
(This transaction journal file must be maintained for as long as it )Tj
T*
(is intended that the integrity of the related data be accountable. )Tj
T*
( )Tj
T*
(We were informed that the 10 most recent modifications to a SOES )Tj
T*
(Unemployment Insurance Bureau claim are journalized indefinitely )Tj
T*
(and that less than 1% of claims would undergo so much change that )Tj
T*
(information would be lost. )Tj
T*
( )Tj
T*
(It is our opinion that journalization should be complete. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The fact that only the 10 most recent changes are saved could be )Tj
T*
(used to hide fraudulent changes. The procedure would be to make )Tj
T*
(the fraudulent change and then make 10 legitimate changes. )Tj
T*
( )Tj
T*
(Such an approach could not be used too frequently because a )Tj
T*
(pattern of claims with excessive changes would result and might be )Tj
T*
(detected and investigated. )Tj
T*
( )Tj
T*
(This technique of suppressing journalization is one of a number of )Tj
0 -1.20001 TD
(techniques which might support fraudulent activity by software )Tj
0 -1.2 TD
(support personnel \(Finding 3.3-1\) or by claims processors \(Finding \
)Tj
0 -1.2 TD
(3.2.1.1.2-1\). )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(A separate risk analysis of this finding would be repetitive and )Tj
T*
(has thus not been done. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for complete journalization of CUIS transactions. )Tj
ET
EMC
Q
endstream
endobj
410 0 obj[51 0 R]
endobj
411 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 88>>
endobj
412 0 obj 2688
endobj
413 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(FINDING 3.3-4:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Restricted CUIS subsystems are protected by secret clerk numbers )Tj
T*
(coded into the software. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(12\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords must not be displayed on the video display terminals or )Tj
T*
(hardcopy devices. Ensure that computer operators, acting without )Tj
T*
(authority, are not able to display user programs or circumvent )Tj
T*
(security mechanisms. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The use of secret clerk numbers would not constitute a problem all )Tj
T*
(by itself. The coding of the secret numbers directly into )Tj
T*
(application software modules does constitute a problem, however. )Tj
T*
(It results in the need to protect the source code of those modules )Tj
T*
(much more stringently than would otherwise be required. )Tj
T*
( )Tj
T*
(It is normally necessary to protect source code from long term )Tj
T*
(access by unauthorized persons in order to prevent those persons )Tj
T*
(from becoming sufficiently familiar with the structure of the )Tj
T*
(software to plan an attack against it. )Tj
T*
( )Tj
T*
(However, secret clerk numbers can be picked out of a source code )Tj
T*
(listing very rapidly by an experienced analyst. Source code )Tj
0 -1.20001 TD
(containing such secret data must then be protected from very short )Tj
0 -1.2 TD
(term access by unauthorized parties. This of course means that )Tj
0 -1.2 TD
(listings cannot be left unattended on desks for short periods of )Tj
0 -1.20001 TD
(time. )Tj
0 -1.2 TD
( )Tj
T*
(Whether or not it contains secret codewords, the source version of )Tj
T*
(production software should not be readable by all system users. )Tj
T*
(The privilege of reading as well as writing production source )Tj
T*
(should be restricted to those with a need to do so. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This finding concerns a weakness which could be exploited by )Tj
T*
(anyone with a knowledge of CUIS and read access to CUIS source. A )Tj
T*
(separate risk analysis of this finding would be repetitive because )Tj
T*
(of its close relationship to Finding 3.3-1. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
414 0 obj[51 0 R]
endobj
415 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 89>>
endobj
416 0 obj 2240
endobj
417 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Use the ACF2 Security Software to protect restricted CUIS modules )Tj
T*
(where possible. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(FINDING 3.3-5:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The CUIS Software Support Group does not enforce periodic changes )Tj
T*
(of passwords and permits the selection of passwords with mnemonic )Tj
T*
(value. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(11\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords must be modified at periodic unannounced intervals, when )Tj
T*
(an individual changes positions, and when a security breach is )Tj
T*
(suspected. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords with mnemonic value are much more easily guessed than )Tj
T*
(random passwords. Passwords should be selected through the use of )Tj
T*
(random number generators. The resulting character strings can be )Tj
T*
(selected in such a way that they are pronounceable but should )Tj
T*
(consist of nonsense syllables only. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This is another vulnerability which can be exploited by persons )Tj
T*
(familiar with CUIS software and data who have access to )Tj
T*
(Unemployment Insurance Bureau CRTs. The risk analysis of this )Tj
T*
(finding is contained in that of Finding 3.3-1 and is not repeated )Tj
T*
(here. )Tj
0 -1.20001 TD
( )Tj
/T1_0 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(N/A )Tj
0 -1.2 TD
( )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Enforce periodic changes of passwords. Do not allow the use of )Tj
T*
(passwords with mnemonic value \(other than perhaps )Tj
T*
(pronounceability\). )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(FINDING 3.3-6:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(CUIS is not supported to the fullest extent possible by ACF2. )Tj
ET
EMC
Q
endstream
endobj
418 0 obj[51 0 R]
endobj
419 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 90>>
endobj
420 0 obj<>
endobj
421 0 obj 2342
endobj
422 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(RELATED CONTROL STANDARD 5137\(J\)\(7\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The supervisory mode of the on-line system must be limited to )Tj
T*
(terminals restricted for supervisory use, and not be available to )Tj
T*
(all terminals. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(To provide access control, secret clerk IDs have been coded into )Tj
T*
(some of the CUIS modules, a much less desirable alternative than )Tj
T*
(having system software responsible for the management and storage )Tj
T*
(of passwords. \(see Finding 3.3-4.\) )Tj
T*
( )Tj
T*
(ACF2 should be used to control access to the various capabilities )Tj
T*
(of CUIS by claims processors. )Tj
T*
( )Tj
T*
(Because this finding is closely related to Finding 3.3-1, a )Tj
T*
(separate risk analysis would be repetitive. The finding is stated )Tj
T*
(as it is here because it provides a different viewpoint for the )Tj
T*
(same problem. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Use ACF2 to serve all the security needs of online CUIS )Tj
T*
(subsystems. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.3.1 FE TEAM)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(This is the first of the three Capitaltown-based CUIS )Tj
0 -1.2 TD
(development/maintenance teams. It is responsible for the front )Tj
T*
(end \(FE\) or online claims processing software. )Tj
T*
( )Tj
T*
(We found no problems which were unique to the FE Team. Problems )Tj
T*
(common to all teams are discussed in Section 3.3 above. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.3.2 B TEAM)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This is the second of the Capitaltown-based CUIS )Tj
T*
(development/maintenance teams. It is responsible for batch \(B\) )Tj
T*
(claims processing software. )Tj
T*
( )Tj
T*
(We found no problems unique to the B team. Problems common to all )Tj
ET
EMC
Q
endstream
endobj
423 0 obj[51 0 R]
endobj
424 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 91>>
endobj
425 0 obj 2478
endobj
426 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(teams are discussed in Section 3.3 above. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(3.3.3 SYSTEM SUPPORT)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This is the third of the Capitaltown-based CUIS )Tj
T*
(development/maintenance teams. Because it is responsible for the )Tj
T*
(software which supports the Master Employer File, this team serves )Tj
T*
(all SOES activities, not just the Unemployment Insurance Bureau. )Tj
T*
(The team also maintains the Unemployment Insurance Bureau )Tj
T*
(disbursement profiles, the complex tables of payments which will )Tj
T*
(be authorized for each category of benefit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.4 TURNKEY SYSTEMS INC. MAIN DATA CENTER)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The TSI Main Data Center in Capitaltown serves government and )Tj
T*
(commercial customers across the State. About 20% of the center's )Tj
T*
(business is the SOES Unemployment Insurance Bureau. Other )Tj
T*
(customers include banks, retailers and other government agencies. )Tj
T*
( )Tj
T*
(The center operates two IBM 3033 mainframes, either of which can )Tj
T*
(handle the complete online CUIS load. )Tj
T*
( )Tj
T*
(The data center staff covers all functional areas involved in the )Tj
T*
(operation of a modern large-scale computer department. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.4.1 MAIN DATA CENTER SECURITY)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(This is a staff position reporting to the Operations Manager. The )Tj
0 -1.2 TD
(position covers all aspects of physical security for the data )Tj
0 -1.20001 TD
(center. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(CO2 is in use in the data center as a fire suppressant. It is )Tj
T*
(potentially harmful to personnel. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(1\)\(c\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Avoid the use of carbon dioxide area extinguishing systems since )Tj
T*
(they present a significant safety hazard. )Tj
ET
EMC
Q
endstream
endobj
427 0 obj[51 0 R]
endobj
428 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 92>>
endobj
429 0 obj 2688
endobj
430 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The CO2 for this system is stored in metal tanks in the utility )Tj
T*
(room containing the three motor-generators. It is set to )Tj
T*
(discharge under the raised floor of the main computer room. Seven )Tj
T*
(times the total amount of CO2 available would be required to )Tj
T*
(protect the entire computer room. By design, there is only enough )Tj
T*
(to protect the underfloor area. There would be no protection, )Tj
T*
(other than hand-held extinguishers against a major above-floor )Tj
T*
(fire. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES might occur through a lawsuit brought by the )Tj
T*
(estate of a person who is trapped in the data center during the )Tj
T*
(release of CO2 and suffocates. )Tj
T*
( )Tj
T*
(The AFE for such a loss is the product of two frequency estimates: \
)Tj
T*
(the estimate for fires which set off the CO2 extinguishing system )Tj
T*
(and the estimate for a person being trapped and succumbing given )Tj
T*
(that a fire breaks out and the CO2 is released. )Tj
T*
( )Tj
T*
(From national statistics in Appendix A, the AFE for a serious fire )Tj
T*
(is .01. )Tj
T*
( )Tj
T*
(Several factors have a bearing on the likelihood of a person being )Tj
T*
(trapped. The CO2 is released under the floor and because its )Tj
0 -1.20001 TD
(density is greater than that of air, will tend to stay there. The )Tj
0 -1.2 TD
(regular data center staff has been warned about the danger. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(On the other hand, the CO2 releasing system is pressurized and )Tj
0 -1.2 TD
(will thus tend to force the gas to rise above the floor. Also, )Tj
T*
(visitors are not routinely warned of the danger. )Tj
T*
( )Tj
T*
(We feel that the likelihood of a person being trapped and )Tj
T*
(suffocating under these circumstances is very small. An AFE of .001 )Tj
T*
(has been assigned. )Tj
T*
( )Tj
T*
(The loss, if it occurs, would be on the order of $1M in damage )Tj
T*
(awards and $20K in legal fees. The ALE is thus $1M x .01 x .001 = )Tj
T*
($10. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to convert the fire suppression system from CO2 )Tj
T*
(to halon 1301. Halon can be used at a level of concentration that )Tj
ET
EMC
Q
endstream
endobj
431 0 obj[51 0 R]
endobj
432 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 93>>
endobj
433 0 obj 2365
endobj
434 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(will extinguish fires but will not injure personnel. The cost of )Tj
0 -1.2 TD
(this is estimated at $20K. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0. )Tj
T*
( )Tj
T*
(The safeguard is not cost-effective, but some change away from CO2 )Tj
T*
(is advised. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.21 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide full flood halon protection for the entire data center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is no visitor sign-in policy at the data center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(9\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Access to all EDP operations areas is to be controlled and a )Tj
T*
(record maintained of access by other than the EDP operations )Tj
T*
(personnel. \(Permanent onsite maintenance personnel and designated \
)Tj
T*
(pickup and delivery personnel are considered "operations )Tj
T*
(personnel"\). )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Records of visitor access to the data center should be kept at )Tj
T*
(all times. Whereas regular employees are all likely to enter the )Tj
T*
(data center during normal working hours, only an access control )Tj
T*
(log can provide a complete record of visitors. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Criteria for escorting visitors should also be established. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(This finding is related to the problem of controlling physical )Tj
T*
(access to the data center. If an unauthorized person were able to )Tj
T*
(enter he could steal equipment or data and/or do damage to the )Tj
T*
(facility which would interrupt computer operations for as much as )Tj
T*
(four weeks. )Tj
T*
( )Tj
T*
(A number of other findings deal with vulnerabilities which could )Tj
T*
(lead to unauthorized access to the data center. All such findings )Tj
T*
(are assessed collectively here. )Tj
ET
EMC
Q
endstream
endobj
435 0 obj[51 0 R]
endobj
436 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 94>>
endobj
437 0 obj 2602
endobj
438 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(The loss to SOES if this were to occur would be greatest if it led )Tj
T*
(to a disaster causing a four week shutdown of operations. The )Tj
T*
(cost of such a shutdown would be the cost of overtime necessary to )Tj
T*
(catch up after operations were restored. This cost would be 1.5 )Tj
T*
(overtime x 260 processors x $6/hr x 40 hrs/wk x 4 wks x 1.25 )Tj
T*
(overhead = $470K. )Tj
T*
( )Tj
T*
(The AFE for such an event is taken from the national statistics on )Tj
T*
(destructive acts. It is unlikely that an intruder could simply )Tj
T*
(walk into the data center without advance planning and )Tj
T*
(preparation. The existing access control vulnerabilities require )Tj
T*
(skill and daring to exploit and have led us to choose an AFE at )Tj
T*
(the low end of the range. This AFE is 1. )Tj
T*
( )Tj
T*
(The ALE is then $470K x 1 = $470K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard needed here is a tightening of data center access )Tj
T*
(controls. )Tj
T*
( )Tj
T*
(The blue badge stripe authorizing data center access should be )Tj
T*
(replaced with a more difficult to duplicate token placed entirely )Tj
T*
(under the lamination. Attempts to remove this token from a badge )Tj
T*
(should result in its mutilation. )Tj
T*
( )Tj
T*
(Records of all visitor access to the data center should be )Tj
0 -1.20001 TD
(maintained. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(Requests to sign out tapes from the media library should be )Tj
0 -1.20001 TD
(validated. )Tj
0 -1.2 TD
( )Tj
T*
(The cost of these safeguards should not exceed 3-staff months to )Tj
T*
(define and plan and one staff-day per week to implement. Using a )Tj
T*
(salary level of $30K per year for planning and $18K per year for )Tj
T*
(implementation, and an overhead factor of 100% \(typical for )Tj
T*
(contractors\), the one-time cost will be 1/4 yr x \(2.0 overhead\) x \
)Tj
T*
($30K/yr = $15K. The recurring cost will be 1/5 yr x \(2.0 )Tj
T*
(overhead\) x $18K/yr = $7.2K per year. )Tj
T*
( )Tj
T*
(The ALE reduction will be about 75%. The reduced ALE will be 1/4 )Tj
T*
(x $470K = $120K. )Tj
T*
( )Tj
T*
(The 5-year savings will be \($470K - $120K\) x 3.79 - $7.2K x 3.79 - \
)Tj
T*
($15K = $1.3M. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
439 0 obj[51 0 R]
endobj
440 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 95>>
endobj
441 0 obj<>
endobj
442 0 obj 2329
endobj
443 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(See the risk analysis worksheets in Section B.22 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Implement a visitor sign-in policy for the data center. Validate )Tj
T*
(tape sign-out requests. Modify the badge token authorizing data )Tj
T*
(center access. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-3:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The blue ID badge stripe which authorizes data center access can )Tj
T*
(be easily forged. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the contractor's organization. )Tj
T*
(Custody and responsibility ceases at the point where the data is )Tj
T*
(turned over to the U.S. Post Office or other reliable carrier. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The blue stripe which authorizes access to the data center )Tj
T*
(consists of a piece of blue tape attached to the badge form )Tj
T*
(horizontally above the employee picture and sealed by the )Tj
T*
(lamination. )Tj
T*
( )Tj
T*
(This credential could be easily faked by placing the tape stripe )Tj
T*
(over the lamination and then placing a second laminating layer )Tj
T*
(over the first. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(See related Finding 3.4.1-2. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(In place of the blue stripe, use a difficult to duplicate marking )Tj
T*
(such as an engraved design and attach it to the ID badge under the )Tj
T*
(lamination. It then becomes impossible to add or remove this )Tj
T*
(credential once a badge has been completely assembled, and the )Tj
ET
EMC
Q
endstream
endobj
444 0 obj[51 0 R]
endobj
445 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 96>>
endobj
446 0 obj 2462
endobj
447 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(counterfeiting process is much more difficult than before. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-4:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Fire protection by CO2 is provided only for the underfloor areas )Tj
T*
(of the data center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(1\)\(B\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Fire extinguishing equipment will vary in accordance with the )Tj
T*
(physical characteristics of the facility and is subject to local )Tj
T*
(regulations. After ensuring that appropriate arrangements have )Tj
T*
(been made for fire fighting assistance, management should use )Tj
T*
(either water or halon systems if area extinguishing systems are )Tj
T*
(determined to be necessary. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is covered under Finding 3.4.1-1. It is stated here )Tj
T*
(in order to bring attention to a separate aspect of the problem. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Install a full-flood halon system in the data center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-5:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The key to the storage area containing blank Unemployment )Tj
0 -1.20001 TD
(Insurance Bureau benefit checks is kept on a hook near the )Tj
0 -1.2 TD
(computer console operator. The access list for the key contains )Tj
0 -1.2 TD
(30 names. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the organization. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Access to the key should be restricted to as few people as )Tj
T*
(possible. If one person and an alternate on each shift \(regular )Tj
T*
(plus weekend\) were assigned responsibility for the key, most )Tj
T*
(situations should be covered. Adding a few higher level )Tj
T*
(supervisors to the list should take care of virtually all )Tj
T*
(circumstances. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
448 0 obj[51 0 R]
endobj
449 0 obj<>
endobj
450 0 obj<>
endobj
451 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 97>>
endobj
452 0 obj 2414
endobj
453 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(The list should not contain more than about 15 names. It should )Tj
0 -1.2 TD
(also be satisfactory to store the key in the locked wall box in )Tj
T*
(the output processing area. This area is very close to the locked )Tj
T*
(supply cage anyway, and there is little advantage to storing the )Tj
T*
(key on a hook near the console operator where it is not nearly as )Tj
T*
(well protected. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This finding relates to physical access control in the data )Tj
T*
(center. The risk analysis is presented under Finding 3.4.1-2 and )Tj
T*
(is not repeated here. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Pare down the access list for the key to the Unemployment )Tj
T*
(Insurance Bureau blank check storage area. Maintain all copies of )Tj
T*
(the key in protected or continuously monitored storage locations. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-6:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There are no alarms and only hand-held fire extinguishers in the )Tj
T*
(supply area adjacent to the main computer room. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(I\)\(2\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(In the computer room, install fire detection equipment that )Tj
T*
(includes alarms. The alarm systems should be capable of )Tj
0 -1.20001 TD
(indicating where the activated alarm is located. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(This problem is related to Findings 3.4.1-4 and 3.4.1-1. Because )Tj
T*
(all three findings are related, the risk analysis and cost-benefit )Tj
T*
(analysis are done only once \(under Finding 3.4.1-1\). )Tj
T*
( )Tj
T*
(The finding is stated separately here to call attention to a )Tj
T*
(different aspect of the problem. )Tj
T*
( )Tj
T*
(The supply area is the area most vulnerable to the starting of a )Tj
T*
(fire and at the same time the area least protected. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
454 0 obj[51 0 R]
endobj
455 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 98>>
endobj
456 0 obj 2448
endobj
457 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Upgrade the fire detection and suppression equipment in the data )Tj
T*
(center supply storage area. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(FINDING 3.4.1-7:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no smoke exhaust capability in the data center. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(P\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Equip all computer operations areas with a smoke exhaust )Tj
T*
(capability to minimize the potential hazard to personnel, )Tj
T*
(equipment, and storage media. Equip air conditioning ductwork )Tj
T*
(systems with dampers to prevent the spread of fire, smoke or )Tj
T*
(chemical agents. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Although portable fans are on hand for cooling down overhead )Tj
T*
(equipment and could be used for smoke exhaust purposes, no thought )Tj
T*
(has been given to the problem and no plan for exhausting smoke has )Tj
T*
(been prepared. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(A smoke exhaust system can only be used after the danger of )Tj
T*
(spreading fire has been eliminated. The system would possibly )Tj
0 -1.20001 TD
(have an effect on the chances for survival of any persons trapped )Tj
0 -1.2 TD
(in the computer center during a fire. There would be no effect on )Tj
0 -1.2 TD
(material damages due to the fire itself. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(We see no losses to SOES due to the absence of a smoke exhaust )Tj
T*
(system. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In spite of the $0 ALE, requirements call for a smoke exhaust )Tj
T*
(capability in all computer operations areas. )Tj
T*
( )Tj
T*
(We recommend that the effectiveness of the portable fans in )Tj
T*
(exhausting smoke be reviewed and if necessary, alternative methods )Tj
T*
(chosen. )Tj
T*
( )Tj
T*
(In all probability, it will be sufficient to draft an emergency )Tj
T*
(procedure specifying how the portable fans should be placed to )Tj
T*
(maximize their smoke exhaust capabilities. )Tj
ET
EMC
Q
endstream
endobj
458 0 obj[51 0 R]
endobj
459 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 99>>
endobj
460 0 obj 2430
endobj
461 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(The cost of the effectiveness study and procedure preparation )Tj
T*
(should not exceed one staff-month at a salary level of $20K with )Tj
T*
(100% overhead. The cost would be 1/12 yr x 2.0 overhead x $20K/yr )Tj
T*
(= $3.3K. Although the safeguard is not directly cost effective, )Tj
T*
(it is required by the State. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in section B.23 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Formalize the use of portable fans for exhausting smoke. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4.2 SYSTEMS SOFTWARE)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This group provides support for the operating system, all IBM )Tj
T*
(program products and other proprietary software packages. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.2-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(There is no provision for the real-time on-line reporting of )Tj
T*
(incorrect password usage attempts to a security officer. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(5\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(For on-line systems, limit the number of sign-on attempts and, )Tj
T*
(when the limit is exceeded, generate an alert to the individual )Tj
T*
(responsible for on-line security. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Without on-line reporting of incorrect password entry attempts, it )Tj
0 -1.2 TD
(is difficult if not impossible to catch computer system intruders. \
)Tj
0 -1.20001 TD
(An audit trail of all sign-ons, successful or not, would aid in )Tj
0 -1.2 TD
(identifying persons who perform unauthorized activities on the )Tj
T*
(computer system. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is similar in effect to Finding 3.2.1.2.3-1 in that )Tj
T*
(it allows attempts at unauthorized access to CUIS to go )Tj
T*
(undetected. This weakness has been accounted for in the AFE )Tj
T*
(selection made under that finding. The risk analysis is not )Tj
T*
(repeated here. )Tj
ET
EMC
Q
endstream
endobj
462 0 obj[51 0 R]
endobj
463 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 100>>
endobj
464 0 obj<>
endobj
465 0 obj 2368
endobj
466 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Limit the number of sign-on attempts and provide for the online )Tj
T*
(reporting of incorrect password entry attempts to the individual )Tj
T*
(responsible for on-line security. Retain an audit trail of all )Tj
T*
(sign-ons, successful or not. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4.3 ONLINE APPLICATIONS)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This group currently provides no support to SOES Unemployment )Tj
T*
(Insurance Bureau operations. The group does maintain the ODCS )Tj
T*
(security subsystem which is not used but could be used to protect that )Tj
T*
(portion of CUIS originally designed to operate under ODCS \(as )Tj
T*
(opposed to CICS\). ODCS is the On-line Data Communications System, \
)Tj
T*
(a predecessor to CICS designed and developed by Turnkey Systems, )Tj
T*
(Inc. \(TSI\). )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4.4 TECH SUPPORT/RTI DIVISION)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This division provides technical assistance to operations and )Tj
T*
(System Engineers \(SEs\) in the field. It also operates a run-time \
)Tj
0 -1.20001 TD
(improvement \(RTI\) program by reviewing PROCS for optimum coding )Tj
0 -1.2 TD
(and assists new data center accounts with their processing. )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(About 15% of this division's activities are in support of the SOES )Tj
0 -1.2 TD
(Unemployment Insurance Bureau. )Tj
T*
( )Tj
T*
(The ACF2 Security Software is this division's responsibility. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.4-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The data center has no policy requiring periodic changes to )Tj
T*
(passwords. Users are allowed to specify their own passwords. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(11\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords must be modified at periodic unannounced intervals, when )Tj
T*
(an individual changes positions, and when a security breach is )Tj
T*
(suspected. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
467 0 obj[51 0 R]
endobj
468 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 101>>
endobj
469 0 obj<>
endobj
470 0 obj 2408
endobj
471 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(The TSI data center supports a number of corporate customers who )Tj
T*
(process sensitive information. It would thus be wise to require )Tj
T*
(these customers to observe a certain amount of procedural )Tj
T*
(discipline for their own protection. )Tj
T*
( )Tj
T*
(A major part of this discipline would be to require periodic )Tj
T*
(changes of passwords and random selection of passwords. )Tj
T*
( )Tj
T*
(This finding is related to Finding 3.3-1 and the risk analysis and )Tj
T*
(cost-benefit analysis are not repeated here. The purpose of this )Tj
T*
(finding is to point out the separate responsibilities of the CUIS )Tj
T*
(Software Support Group and the TSI Main Data Center to provide for )Tj
T*
(the security of their operations. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The data center should require the use of randomly generated )Tj
T*
(passwords which are changed at least once a year. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4.5 DATA MANAGEMENT DIVISION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This division is responsible for tape library operations and the )Tj
T*
(Mini Computer Group. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4.5.1 TAPE LIBRARY)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(The tape library is responsible for all aspects of tape operations )Tj
0 -1.2 TD
(and management. The Tape Library Management System \(TLMS\) )Tj
0 -1.2 TD
(provides support in this area. )Tj
0 -1.20001 TD
( )Tj
/T1_0 1 Tf
0 -1.2 TD
(FINDING 3.4.5.1-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(No authorization checks are made when tapes are signed out from )Tj
T*
(the tape library. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the contractor's organization. )Tj
ET
EMC
Q
endstream
endobj
472 0 obj[51 0 R]
endobj
473 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 102>>
endobj
474 0 obj 2583
endobj
475 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(When an individual attempts to sign out a tape from the tape )Tj
T*
(library, the only check made on his authority to do so is to )Tj
T*
(ensure that he has an ID badge with the blue stripe indicating )Tj
T*
(data center access. This of course does not identify him in any )Tj
T*
(way as the owner of the tape. Also, as discussed in Finding )Tj
T*
(3.4.1-3, the blue stripe is simple to forge. Thus anyone with a )Tj
T*
(SOES picture badge could remove a tape from the library without )Tj
T*
(too much effort. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Loss to SOES because of this problem could occur in a number of )Tj
T*
(ways. A stolen tape could cause a processing delay of up to a day )Tj
T*
(while the backup was being fetched and updated. A stolen tape )Tj
T*
(could be modified for purposes of fraud on a compatible computer )Tj
T*
(system and then replaced in the library. A stolen tape could be )Tj
T*
(used by an individual for activities in violation of the State )Tj
T*
(Privacy act which would leave SOES vulnerable to lawsuits for not )Tj
T*
(providing proper protection for such data. )Tj
T*
( )Tj
T*
(The latter scenarios described above lead to the largest loss )Tj
T*
(potentials. We set the loss potential at $100K. )Tj
T*
( )Tj
T*
(The AFE of .006 is taken from the low end of the frequency scale )Tj
T*
(for fraud and abuse because of the effort required to exploit this )Tj
0 -1.20001 TD
(vulnerability. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The ALE is $100K x .006 = $600. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to validate sign-out requests. This can be done )Tj
T*
(with negligible additional cost by verifying that the tape owner )Tj
T*
(is either making or has authorized the sign-out request. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0. )Tj
T*
( )Tj
T*
(The savings will be $600 per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.24 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Release tapes only to their owners or to persons authorized in )Tj
ET
EMC
Q
endstream
endobj
476 0 obj[51 0 R]
endobj
477 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 103>>
endobj
478 0 obj 2699
endobj
479 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(writing by the owners. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(FINDINGS 3.4.5.1-2:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Non-production tapes are scratched automatically when the )Tj
T*
(retention date is reached. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(6\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Routines that modify the status volume serial number of a file )Tj
T*
(must be controlled. This means the authority to scratch, or )Tj
T*
(rename a file must be limited and controlled. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Owners of tapes should be notified of approaching scratch dates so )Tj
T*
(that they can be assured of an opportunity to request an )Tj
T*
(extension. It is too easy to lose track of retention dates )Tj
T*
(especially when dealing with a large number of tapes. )Tj
T*
( )Tj
T*
(The Tape Library Management System \(TLMS\) could automatically )Tj
T*
(prepare for each owner a list of tapes owned and the corresponding )Tj
T*
(retention dates. Such a list could be prepared periodically \(e.g. \
)Tj
T*
(monthly\). The owners could then indicate any retention date )Tj
T*
(changes and return the list to the library for action. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(NOTE:)Tj
/T1_2 1 Tf
( This is not a problem with CUIS )Tj
/T1_1 1 Tf
(production)Tj
/T1_2 1 Tf
( )Tj
T*
(tapes. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES in this case would be the cost of regenerating )Tj
0 -1.20001 TD
(the contents of a tape scratched accidentally. The problem could )Tj
0 -1.2 TD
(result not only from the rigid observance of retention dates but )Tj
0 -1.2 TD
(also from mismounts and other mistakes. It is unlikely that a )Tj
0 -1.20001 TD
(production data file would be scratched in this manner because )Tj
0 -1.2 TD
(most such files are on disk and production tape files have )Tj
T*
(indefinite retention. Accidents are possible, however. )Tj
T*
( )Tj
T*
(The average tape is 9-track, 2400 feet long, and contains 1,600 )Tj
T*
(bytes per inch. If full, the tape would contain 1,600 bytes/in x )Tj
T*
(12 in/ft x 1,200 ft = 23M bytes, allowing half the length of the )Tj
T*
(tape for inter-record gaps containing no data. )Tj
T*
( )Tj
T*
(In the worst case, no backup will exist and the entire contents of )Tj
T*
(the tape will have to be key-entered. An experienced data entry )Tj
ET
EMC
Q
endstream
endobj
480 0 obj[51 0 R]
endobj
481 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 104>>
endobj
482 0 obj 2535
endobj
483 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(clerk can key 90 words per minute. At 5 characters \(or bytes\) per \
)Tj
0 -1.2 TD
(word on the average, this is the equivalent of 5 bytes/word x 90 )Tj
T*
(words/min x 60 min/hr = 27K bytes/hr. )Tj
T*
( )Tj
T*
(Approximately 23M/27K = 850 hours would be required for the data )Tj
T*
(entry at a cost of not more than $6/hr x 850 hrs x 1.25 overhead = )Tj
T*
($6.4K. )Tj
T*
( )Tj
T*
(No statistics were available on the number of tapes scratched )Tj
T*
(accidentally at the Main Data Center. National statistics predict )Tj
T*
(a range of 12 to 24 accidental scratches per year. )Tj
T*
( )Tj
T*
(Using the lower end of the range, we select an AFE of 12. We also )Tj
T*
(recognize that backup tapes might exist, but not more than half )Tj
T*
(the time because private \(i.e. non-production\) tapes are most )Tj
T*
(susceptible and these are not likely to have backups in more than )Tj
T*
(50% of the cases. )Tj
T*
( )Tj
T*
(The ALE is $6.4K x .5 x 12= $38K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(the safeguard is to consult the owner prior to scratching tapes. )Tj
T*
(The TLMS system is capable of producing inventory lists by owner )Tj
T*
(with retention dates. Each tape owner's list should be sent to )Tj
T*
(him for review once per month to indicate any needed retention date )Tj
T*
(changes. )Tj
T*
( )Tj
0 -1.20001 TD
(The cost would be one man-day per month maximum on the part of )Tj
0 -1.2 TD
(tape library personnel. At a salary of $18K with 100% overhead, )Tj
0 -1.2 TD
(the cost would be \(1/2\) yr x $18K/yr x 2.0 overhead = $3K. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The ALE would be reduced by 75%. The remaining 25% of )Tj
T*
(inappropriate scratches would be done accidentally. )Tj
T*
( )Tj
T*
(The reduced ALE is .25 x $30K = $9.5K. )Tj
T*
( )Tj
T*
(The savings will be \($38K - $9.5K\) - $1.7K = $27K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.25 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Consult tape owners prior to scratching tapes whose retention )Tj
T*
(dates have passed. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.5.1-3:)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
484 0 obj[51 0 R]
endobj
485 0 obj<>/ProcSet[/PDF/Text]>>/StructParents 105>>
endobj
486 0 obj<>
endobj
487 0 obj 2451
endobj
488 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(Tapes are not degaussed after scratching and prior to reuse. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(M\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(SECURE DISPOSAL - Dispose of all retired, discarded or unneeded )Tj
T*
(sensitive data in a way that makes it impossible for unauthorized )Tj
T*
(personnel to obtain it. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Because tapes are not degaussed prior to reuse and because they )Tj
T*
(are not reserved for use by individual data center customers, it )Tj
T*
(is possible for one customer to scavenge another customer's old )Tj
T*
(data by requesting a scratch tape and reading it before writing )Tj
T*
(it. )Tj
T*
( )Tj
T*
(Scavenging of tapes within a single customer organization is also )Tj
T*
(a potentially serious problem. In this situation a resourceful )Tj
T*
(but unprincipled SOES employee might simply browse through old )Tj
T*
(tapes until he located something useful or interesting such as the )Tj
T*
(source listing of a CUIS module containing an access code or an )Tj
T*
(old wage record tape. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES caused by the failure to degauss scratched tapes )Tj
T*
(would seem to be a secondary effect. The person who detects )Tj
T*
(something of interest on a scratched tape would then have to make )Tj
T*
(use of what he finds. He might find employer numbers and )Tj
T*
(addresses and use them on phoney claims. He might find CUIS )Tj
T*
(source code containing an access password and attempt to gain )Tj
0 -1.20001 TD
(unauthorized access to that part of CUIS. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The effects of this vulnerability are accounted for in the other )Tj
0 -1.20001 TD
(findings of this report. The risk analyses are not repeated here. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Degauss all scratch tapes prior to reissue. )Tj
T*
( )Tj
T*
(3.4.5.2 MINI COMPUTER GROUP )Tj
ET
EMC
Q
endstream
endobj
489 0 obj[51 0 R]
endobj
490 0 obj 2452
endobj
491 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This group manages the operation of several mini computers. Only )Tj
T*
(one of these, the Downline Loading System \(DLS\), is operated in )Tj
T*
(support of the Unemployment Insurance Bureau. The DLS is used to )Tj
T*
(send system software modifications directly to the Threeville Data )Tj
T*
(Center from Capitaltown so that on-site SE support requirements at )Tj
T*
(Threeville can be held to a minimum. Testing of the Threeville )Tj
T*
(system can also be done from Capitaltown via the DLS. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.4.6 ONLINE/RJE DIVISION )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Online/RJE Division is responsible for teleprocessing )Tj
T*
(hardware, and network operations. With respect to the )Tj
T*
(Unemployment Insurance Bureau, the division initializes CUIS each )Tj
T*
(morning and assures that all data files are open and operable. It )Tj
T*
(also receives calls from the field. Performance-related problems )Tj
T*
(are dealt with either directly or through outside support. Other )Tj
T*
(types of problems are referred to the appropriate group. )Tj
T*
( )Tj
T*
(3.4.7 OUTPUT CONTROL DIVISION: )Tj
T*
( )Tj
0 -1.20001 TD
(The division is responsible for data and forms control, the )Tj
0 -1.2 TD
(operation of conventional and laser printers and the distribution )Tj
0 -1.2 TD
(of output. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(We found no problems with the practices and procedures of this )Tj
T*
(division. )Tj
T*
( )Tj
T*
(3.5 ACCOUNTING SERVICES )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This department is responsible for all accounting activities at )Tj
T*
(SOES including bank account management, fund reconciliation, the )Tj
T*
(handling of returned and recouped funds and the disbursement of )Tj
T*
(claim payments. )Tj
T*
( )Tj
T*
(3.5.1 PROGRAMS ACCOUNTING )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
492 0 obj 2525
endobj
493 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(This office handles the accounting for the Unemployment Insurance )Tj
T*
(Bureau program as well as other SOES programs. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDINGS 3.5.1-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Secure areas used by the Programs Accounting Department have walls )Tj
T*
(which do not extend to the true ceiling. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(19\):)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the secure storage of all media containing sensitive )Tj
T*
(data when it is not in use. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The Accounting Department uses one locked storeroom to hold blank )Tj
T*
(check stock, a second locked room for the occasional overnight )Tj
T*
(storage of printed and signed checks and a third room \(the Cash )Tj
T*
(Receiving area\) for the storage of checks returned by the Postal )Tj
T*
(Service as undeliverable. )Tj
T*
( )Tj
T*
(All three of these rooms have walls which extend only as far as the )Tj
T*
(dropped ceiling tiles. It is a trivial matter to lift out ceiling )Tj
T*
(tiles and climb over the false wall into the storage area. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The easiest way to take advantage of this vulnerability would be )Tj
T*
(to climb over the wall into the Cash receiving area \(or break down \
)Tj
T*
(the upper half of the Dutch door which is secured only by a single )Tj
T*
(sliding bar latch\) and steal some checks that were returned by the \
)Tj
0 -1.20001 TD
(Postal Service due to incorrect addresses. There is a large )Tj
0 -1.2 TD
(number of these checks on file and some are for amounts in the )Tj
0 -1.2 TD
($10K range. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(These large checks are usually tax refunds sent to employers who )Tj
T*
(move all or part of their operations out of state and take most of )Tj
T*
(the affected employees with them. If done properly, the theft )Tj
T*
(will not be detected until the checks clear the bank or possibly )Tj
T*
(later. )Tj
T*
( )Tj
T*
(The loss to SOES might be as much as $100K. )Tj
T*
( )Tj
T*
(The frequency estimate, taken from the low end of the range for )Tj
T*
(theft is 1. )Tj
ET
EMC
Q
endstream
endobj
494 0 obj 2415
endobj
495 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(The ALE is $100K x 1 = $100K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to extend the walls of all storage areas to the )Tj
T*
(true ceiling and to alarm all doors and windows leading to these )Tj
T*
(areas. )Tj
T*
( )Tj
T*
(The cost will be no more than $2K per room. For 3 rooms the total )Tj
T*
(would be $6K. )Tj
T*
( )Tj
T*
(The ALE will be reduced by 50% to $50K. The reduction will not be )Tj
T*
(greater because the returned checks are still susceptible to theft )Tj
T*
(by employees of the Cash Receiving Unit. In Finding 3.5.1-2, a )Tj
T*
(second safeguard will be proposed to eliminate the remaining ALE. )Tj
T*
( )Tj
T*
(The 5-year savings will be \($100K - $50K\) x 3.79 - $6K = $184K. )Tj
T*
( )Tj
T*
(See risk analysis worksheets in Section B.26 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Extend the walls of all secure storage areas to meet the true )Tj
T*
(ceiling. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.5.1-2:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Benefit checks returned to SOES are not batched and present an )Tj
0 -1.2 TD
(easy target for abuse. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the organization. Custody and )Tj
T*
(responsibility ceases at the point where the data is turned over )Tj
T*
(to the U.S. Post Office or other reliable carrier. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Benefit checks returned as undeliverable by the Postal Service are )Tj
T*
(easily recognized by mailroom personnel because of the distinctive )Tj
T*
(envelopes in which they are sent out. )Tj
T*
( )Tj
T*
(They are sent unopened and unbatched to the Cash Receiving area. )Tj
T*
(It would be a simple matter for a mailroom clerk or a cash )Tj
ET
EMC
Q
endstream
endobj
496 0 obj 2494
endobj
497 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(receiving clerk to remove some of the checks and attempt to cash )Tj
0 -1.2 TD
(them or sell them to a fence. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This finding is similar to the previous finding in that the )Tj
T*
(targeted asset is the same. In the present situation, the threat )Tj
T*
(agent will have no obstacle \(such as false walls\) to overcome )Tj
T*
(because as a Cash Receiving employee he has access to the returned )Tj
T*
(checks on a regular basis. )Tj
T*
( )Tj
T*
(On the other hand, such an employee would be more vulnerable to )Tj
T*
(detection than an outsider who could disappear without his )Tj
T*
(identity ever becoming known. )Tj
T*
( )Tj
T*
(We do not feel that this finding increases the ALE due to )Tj
T*
(misappropriation of returned checks in Finding 3.5.1-1. )Tj
T*
( )Tj
T*
(The ALE is thus $50K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The main issue of this finding is the lack of controls which would )Tj
T*
(lead to the immediate detection of a missing check. )Tj
T*
( )Tj
T*
(Although the finding does not lead to an increased ALE, it does )Tj
T*
(suggest a means of eliminating the $50K ALE remaining from Finding )Tj
T*
(3.5.1-1. If returned checks are destroyed immediately and then )Tj
T*
(reissued if and when the recipient's correct address comes to )Tj
T*
(light, the entire problem of returned checks will be eliminated. )Tj
T*
( )Tj
T*
(The cost of this safeguard will be a half hour per day for )Tj
0 -1.20001 TD
(batching the returned checks in the mailroom and zero additional )Tj
0 -1.2 TD
(time for Cash Receiving to place the checks in a secure container )Tj
0 -1.2 TD
(for disposal instead of in a file cabinet. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Using the salary of a grade QC mailroom clerk, this cost will be )Tj
T*
(1/2 hr/day x 5 days/wk x 52 wks/yr x $6.76/hr x 1.25 overhead = )Tj
T*
($1.1K. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0 from $50K. )Tj
T*
( )Tj
T*
(The savings will be \($50K - $1.1K\) = $49K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.27 of Appendix B. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
498 0 obj 2286
endobj
499 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Batch returned checks in the mailroom prior to sending them to )Tj
T*
(Cash Receiving. Then destroy the checks after generating the )Tj
T*
(necessary accounting records. )Tj
T*
( )Tj
T*
(3.6 LEGAL AFFAIRS )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Legal Affairs provides contracting assistance to the Unemployment )Tj
T*
(Insurance Bureau, monitors federal legislation for Unemployment )Tj
T*
(Insurance Bureau-related issues and serves as a source of )Tj
T*
(information for opposing legal counsel in court cases. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.7 CONSUMER AFFAIRS )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Consumer Affairs processes VIP queries relating to the )Tj
T*
(Unemployment Insurance Bureau and monitors claimant litigation in )Tj
T*
(order to protect SOES's interests. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(3.8 GENERAL AUDIT )Tj
0 -1.2 TD
( )Tj
/T1_0 1 Tf
0 -1.20001 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(General Audit is responsible for all Headquarters financial audit )Tj
T*
(activities and reports to the Assistant Director for Management. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(FINDING 3.8-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(When an audit is to be conducted, advance notice is given to the )Tj
T*
(affected department. )Tj
T*
( )Tj
/T1_0 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(10\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Supervisors have certain responsibilities for the security and )Tj
T*
(integrity of data in their work area. They must be instructed to )Tj
T*
(monitor the activities of the visitors to the work area \(including \
)Tj
T*
(company employees from other work areas\), and to ensure that )Tj
ET
EMC
Q
endstream
endobj
500 0 obj 2312
endobj
501 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(functions of the unit are performed only by employees formally )Tj
0 -1.2 TD
(assigned to the unit. Supervisors should have procedures for )Tj
T*
(handling questionable activities. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Normally only one day advance notice is given. This would be more )Tj
T*
(than sufficient time for an embezzler to remove any incriminating )Tj
T*
(records or complete any cover-up activities. )Tj
T*
( )Tj
T*
(It is our position that records to be examined in an audit should )Tj
T*
(be secured by the auditors with absolutely no advance notice )Tj
T*
(whatsoever. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES in this situation would be due to a failure to )Tj
T*
(detect and recoup misappropriated funds. )Tj
T*
( )Tj
T*
(The loss potential is estimated at $100K. )Tj
T*
( )Tj
T*
(The AFE of .006 is selected from the lower end of the range for )Tj
T*
(fraud and abuse. The AFE is modified by a factor of .5 to allow )Tj
T*
(for the possibility that the perpetrator will not learn of the )Tj
T*
(impending audit and fail to cover his tracks in time. )Tj
T*
( )Tj
T*
(The ALE is $100K x .006 x .5 = $300. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to initiate all audits on a surprise basis and )Tj
T*
(collect all records to be reviewed immediately after announcing )Tj
0 -1.20001 TD
(the audit to the affected department. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The cost of this safeguard is $0. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The ALE will be reduced by 90% to $30. In the other 10% of cases, )Tj
T*
(the perpetrator will not be vulnerable to an audit at the critical )Tj
T*
(time when records are collected. )Tj
T*
( )Tj
T*
(The savings will be $270 per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.28 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
502 0 obj 2209
endobj
503 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
(As a matter of policy, give no notice of impending audit activity )Tj
0 -1.2 TD
(to the affected departments. )Tj
T*
( )Tj
T*
(3.9 PLANS AND RESEARCH )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This department develops broad goals and objectives for all SOES )Tj
T*
(activities. It monitors each area of activity and provides )Tj
T*
(feedback when necessary. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(department. )Tj
T*
( )Tj
T*
(3.10 PERSONNEL ADMINISTRATION )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This department is responsible for hiring, salary administration, )Tj
T*
(employee relations, labor union negotiations and all other aspects )Tj
T*
(of personnel administration. )Tj
T*
( )Tj
T*
(3.10.1 COMPENSATION AND BENEFITS )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This office is responsible for ensuring a competitive salary )Tj
T*
(structure at SOES. It also administers the employee benefits )Tj
0 -1.20001 TD
(program and conducts union wage negotiations. Position )Tj
0 -1.2 TD
(classification, performance appraisals and coordination of )Tj
0 -1.2 TD
(personnel activities in the eastern half of the state are other )Tj
0 -1.20001 TD
(areas of involvement. )Tj
0 -1.2 TD
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.10.2 EMPLOYEE/LABOR RELATIONS )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This office assists in union negotiations, formulates labor )Tj
T*
(relations policy, ensures SOES compliance with the union contract )Tj
T*
(and performs related duties as directed. )Tj
T*
( )Tj
T*
(We found no problem with the practices and procedures of this )Tj
T*
(office. )Tj
T*
( )Tj
ET
EMC
Q
endstream
endobj
504 0 obj 2184
endobj
505 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 753.67424 Tm
(3.10.3 EMPLOYEE SELECTION/DEVELOPMENT )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This office determines the needs of SOES in the area of employee )Tj
T*
(development and sets up programs to satisfy those needs. It also )Tj
T*
(plans and directs employment activities and runs the EEO program. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(office. )Tj
T*
( )Tj
T*
(3.11 GENERAL SERVICES )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(General Services is responsible for all matters concerning )Tj
T*
(physical facilities, incoming and outgoing mail, the procurement )Tj
T*
(of goods and services, word processing, reproduction, the )Tj
T*
(headquarters telephone switchboard and forms management. )Tj
T*
( )Tj
T*
(3.11.1 FACILITIES )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Facilities is responsible for all matters concerning the SOES )Tj
T*
(physical plant including leases, guard service, fire protection, )Tj
T*
(etc. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.11.2 MAIL AND DISTRIBUTION )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
0 -1.2 TD
( )Tj
0 -1.20001 TD
(Mail and distribution receives, sorts and distributes incoming )Tj
0 -1.2 TD
(mail from the Postal Service and other carriers. It also )Tj
T*
(processes outgoing mail. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.11.2-1:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The storeroom used by the Mail and Distribution Department has )Tj
T*
(walls which do not extend to the true ceiling as well as unalarmed )Tj
T*
(exterior windows. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(9\):)Tj
/T1_0 1 Tf
( )Tj
ET
EMC
Q
endstream
endobj
506 0 obj 2243
endobj
507 0 obj<>stream
/Article <>BDC
q
0 18 612 756 re
W* n
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(Provide for the secure storage of all media containing sensitive )Tj
T*
(data when it is not in use. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(This is another instance of the problem discussed in Finding )Tj
T*
(3.5.1-1. In this case, the storage room has walls which do not )Tj
T*
(extend to the true ceiling and unalarmed windows. The room is )Tj
T*
(used to store 5 to 10 Unemployment Insurance Bureau benefit checks )Tj
T*
(overnight once or twice per week. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The checks stored in this room could be stolen. An insider would )Tj
T*
(wait until one or more large checks were to be stored overnight. )Tj
T*
(The average value of a check is about $200. A large check might )Tj
T*
(be worth $5K to $10K. We set the loss potential at $10K for the )Tj
T*
(worst case. )Tj
T*
( )Tj
T*
(The AFE of 1 is taken from the low end of the range for theft. )Tj
T*
( )Tj
T*
(The ALE is $10K x 1 = $10K. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to alarm the door and windows in this room and to )Tj
T*
(extend the walls to the true ceiling. The cost will not exceed )Tj
0 -1.20001 TD
($2K. )Tj
0 -1.2 TD
( )Tj
0 -1.2 TD
(The ALE will be reduced to $0. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The 5-year savings will be 3.79 x \($10K - $0\) - $2K = $3.6K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.29 of Appendix B. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Extend the walls of all secure storage areas to meet the true )Tj
T*
(ceiling. )Tj
T*
( )Tj
T*
(3.11.3 MATERIEL SERVICES )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_0 1 Tf
( )Tj
T*
( )Tj
T*
(Material Services is responsible for all purchasing, warehousing )Tj
T*
(and records storage within SOES. )Tj
ET
EMC
Q
endstream
endobj
508 0 obj<>
endobj
509 0 obj 2663
endobj
510 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 737.68518 Tm
( )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
12.00505 0 0 12.00505 199.93544 689.53558 Tm
(\(Attachment to UIPL 42-87, change 1\))Tj
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 656.76544 Tm
( )Tj
T*
( )Tj
/T1_3 1 Tf
0.21429 -1.41429 Td
(DOCUMENT E- 1)Tj
/T1_1 1 Tf
-0.21429 -1.41428 Td
( )Tj
/T1_3 1 Tf
0.21429 -1.41429 Td
(RISK)Tj
T*
(ANALYSIS)Tj
T*
(TECHNICAL)Tj
T*
(ASSISTANCE)Tj
T*
(GUIDE)Tj
ET
0.5 0.5 0.5 rg
9.28961 508.0311 m
9.28961 509.88901 l
602.71039 509.88901 l
601.78143 508.96005 l
10.21857 508.96005 l
10.21857 508.96005 l
h
f
0.875 0.875 0.875 rg
602.71039 509.88901 m
602.71039 508.0311 l
9.28961 508.0311 l
10.21857 508.96005 l
601.78143 508.96005 l
601.78143 508.96005 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 490.2955 Tm
( )Tj
T*
( )Tj
/T1_2 1 Tf
19.1198 -2.56966 Td
(FINAL REPORT )Tj
4.05164 -1.2 Td
( )Tj
-13.21915 -1.2 Td
(COMPUTER SECURITY REVIEW AND RISK ANALYSIS )Tj
13.21915 -1.2 Td
( )Tj
-13.44064 -1.2 Td
(UNEMPLOYMENT INSURANCE BUREAU OPERATIONS )Tj
13.44064 -1.2 Td
( )Tj
-14.21915 -1.2 Td
(VOL 1: FINDINGS, ANALYSES AND RECOMMENDATIONS )Tj
14.21915 -1.2 Td
( )Tj
12.00505 0 0 12.00505 269.97885 299.64322 Tm
(presented to )Tj
3.38741 -1.2 Td
( )Tj
-11.16589 -1.2 Td
(STATE OFFICE OF EMPLOYMENT SECURITY )Tj
6.41701 -1.2 Td
(123 MAIN STREET )Tj
-2.63901 -1.2 Td
(CAPITALTOWN STATE 12345)Tj
/T1_1 1 Tf
13.00546 0 0 13.00546 310.64481 209.24886 Tm
( )Tj
T*
( )Tj
/T1_3 1 Tf
-11.44286 -1.41429 Td
(prepared by)Tj
T*
(EDP AUDIT CONTROLS, INC.)Tj
T*
( )Tj
/T1_1 1 Tf
14.68571 2.39999 Td
( )Tj
/T1_3 1 Tf
0.88571 0 Td
(March 1983)Tj
T*
(Reissued)Tj
T*
(August 1987)Tj
ET
0.5 0.5 0.5 rg
9.28961 128.5145 m
9.28961 130.37242 l
602.71039 130.37242 l
601.78143 129.44347 l
10.21857 129.44347 l
10.21857 129.44345 l
h
f
0.875 0.875 0.875 rg
602.71039 130.37242 m
602.71039 128.5145 l
9.28961 128.5145 l
10.21857 129.44345 l
601.78143 129.44345 l
601.78143 129.44347 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 310.64481 93.12865 Tm
( )Tj
T*
( )Tj
/T1_2 1 Tf
-3.46814 -2.56966 Td
(DISCLAIMER)Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(1 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
511 0 obj 3102
endobj
512 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 310.64481 742.85541 Tm
( )Tj
0 -1.2 TD
( )Tj
-19.85715 -1.2 Td
(THIS COMPUTER SECURITY REVIEW AND RISK ANALYSIS HAS BEEN COMPOSED )Tj
1.2 -1.2 Td
(FOR EDUCATIONAL PURPOSES ONLY, AS AN INSTRUCTIONAL DOCUMENT. )Tj
-1.2 -1.2 Td
(THIS ARTIFICIAL RISK ANALYSIS PRODUCT DOES NOT IN ANY WAY REFLECT )Tj
T*
(THE PRACTICES OR PROCEDURES FOLLOWED BY ANY ACTUAL EXISTING STATE )Tj
14.10001 -1.2 Td
(EMPLOYMENT AGENCY.)Tj
ET
0.5 0.5 0.5 rg
9.28961 636.48169 m
9.28961 638.33966 l
602.71039 638.33966 l
601.78143 637.41064 l
10.21857 637.41064 l
10.21857 637.41064 l
h
f
0.875 0.875 0.875 rg
602.71039 638.33966 m
602.71039 636.48169 l
9.28961 636.48169 l
10.21857 637.41064 l
601.78143 637.41064 l
601.78143 637.41064 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 618.74609 Tm
( )Tj
T*
( )Tj
/T1_2 1 Tf
0 -2.56966 TD
(EXECUTIVE SUMMARY)Tj
/T1_1 1 Tf
0 -2.54463 TD
( )Tj
0 -1.2 TD
(This document is Volume 1 of a two-volume report which details the )Tj
T*
(results of a risk analysis of the EDP-related aspects of the )Tj
T*
(Unemployment Insurance Bureau claims processing operations at the )Tj
T*
(State Office of Employment Security \(SOES\). This volume contains )Tj
T*
(all findings, analyses and recommendations. )Tj
T*
( )Tj
T*
(Chapter 1 of the report summarizes the major findings and )Tj
T*
(recommendations. )Tj
T*
( )Tj
T*
(Chapter 2 discusses in detail environmental and general risks )Tj
T*
(faced equally by all elements of SOES. )Tj
T*
( )Tj
T*
(Chapter 3 discusses risks due to specific problems with the )Tj
T*
(policies, practices, procedures and organizational structure of )Tj
T*
(the SOES Unemployment Insurance Bureau operation. )Tj
T*
( )Tj
T*
(Volume 2 contains all risk analysis worksheets and descriptions of )Tj
T*
(the methodologies employed. )Tj
T*
( )Tj
T*
(During our security review and risk analysis of the Office of )Tj
T*
(Employment Security's Unemployment Insurance Bureau Operations we )Tj
T*
(observed the following major strengths:)Tj
0.45714 -2.55714 Td
(1. SOES management is highly skilled in handling crises. This )Tj
2.39999 -1.2 Td
(was clearly demonstrated during the 1982-1983 union strike. In )Tj
T*
(our judgment, SOES's overall position after the difficulties was )Tj
T*
(stronger than before. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(2. SOES is moving towards the establishment of one of the most )Tj
2.39999 -1.2 Td
(disaster-resistant claims processing setups that EDP/AC has ever )Tj
T*
(observed. This will be achieved when each of the Unemployment )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(2 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
513 0 obj 3282
endobj
514 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 46.44809 755.33545 Tm
(Insurance Bureau field offices carries out all aspects of claims )Tj
0 -1.2 TD
(processing.)Tj
-2.85715 -2.55714 Td
( )Tj
T*
( )Tj
T*
(We also observed the following major weaknesses:)Tj
0.45714 -2.55714 Td
(1. There is a lack of effective separation between software )Tj
2.39999 -1.2 Td
(support activities and Unemployment Insurance Bureau production )Tj
T*
(operations. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(2. The Threeville field office is deficient in physical access )Tj
2.39999 -1.2 Td
(controls and is located in an area susceptible to floods and )Tj
T*
(earthquakes. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(3. Headquarters offices are located in an earthquake-prone area. )Tj
2.39999 -1.2 Td
(An effective disaster recovery plan is needed. )Tj
T*
( )Tj
-2.39999 -1.2 Td
(4. Technical \(hardware and software\) security controls over the )Tj
2.39999 -1.2 Td
(Comprehensive Unemployment Insurance System \(CUIS\) and )Tj
T*
(Unemployment Insurance Bureau data files are )Tj
T*
(inadequate.)Tj
ET
0.5 0.5 0.5 rg
9.28961 393.12567 m
9.28961 394.98361 l
602.71039 394.98361 l
601.78143 394.05466 l
10.21857 394.05466 l
10.21857 394.05463 l
h
f
0.875 0.875 0.875 rg
602.71039 394.98361 m
602.71039 393.12567 l
9.28961 393.12567 l
10.21857 394.05463 l
601.78143 394.05463 l
601.78143 394.05466 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 375.39008 Tm
( )Tj
T*
( )Tj
/T1_2 1 Tf
17.42529 -2.56966 Td
(TABLE OF CONTENTS)Tj
/T1_1 1 Tf
-17.42529 -2.54463 Td
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(Section)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
0 0 1 RG
0.39796 w 10 M 0 j 0 J []0 d
9.28961 229.64975 m
305.81421 229.64975 l
S
0 0 1 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 230.84363 Tm
(CHAPTER 1 FINDINGS AND RECOMMENDATIONS)Tj
0 0 0 rg
( )Tj
0 -1.34286 TD
( 1.1 INTRODUCTION )Tj
0 -1.2 TD
( 1.2 SUMMARY OF FINDINGS AND RECOMMENDATIONS )Tj
T*
( 1.3 SUMMARY OF ALES, SAFEGUARD COSTS AND SAVINGS )Tj
T*
( )Tj
ET
9.28961 149.75903 m
196.5683 149.75903 l
S
0 0 1 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 150.95294 Tm
(CHAPTER 2 GENERAL ISSUES)Tj
0 0 0 rg
0 -1.34286 TD
( 2.1 FIRE )Tj
0 -1.2 TD
( 2.2 FLOODS AND OTHER WATER DAMAGE )Tj
T*
( 2.3 EARTHQUAKES )Tj
T*
( 2.4 TORNADOES )Tj
T*
( 2.5 POWER OUTAGES )Tj
T*
( 2.6 A/C OR HEATING FAILURE )Tj
T*
( 2.7 THEFT/ROBBERY/UNAUTHORIZED ACCESS )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(3 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
515 0 obj 3925
endobj
516 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
ET
0 0 1 RG
0.39796 w 10 M 0 j 0 J []0 d
9.28961 738.53497 m
204.37158 738.53497 l
S
0 0 1 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 739.72888 Tm
(CHAPTER 3 SPECIFIC ISSUES)Tj
0 0 0 rg
( )Tj
0 -1.34286 TD
( 3.1 INTRODUCTION )Tj
0 -1.2 TD
( 3.2 SOES, UNEMPLOYMENT INSURANCE BUREAU )Tj
T*
( 3.2.1 UNEMPLOYMENT INSURANCE BUREAU CLAIMS OPERATIONS )Tj
T*
( 3.2.1.1 FOURVILLE FIELD OFFICE )Tj
T*
( 3.2.1.1.1 EMPLOYER'S CHARGE )Tj
T*
( 3.2.1.1.2 ADJUSTMENTS AND OVERPAYMENTS )Tj
T*
( 3.2.1.1.3 ADJUDICATIONS )Tj
T*
( 3.2.1.1.4 CLERICAL SUPPORT )Tj
T*
( 3.2.1.1.5 AUDITING/TRAINING )Tj
T*
( 3.2.1.1.6 TSI SUPPORT )Tj
T*
( 3.2.1.1.7 PERSONNEL )Tj
T*
( 3.2.1.2 TWOVILLE FIELD OFFICE )Tj
T*
( 3.2.1.2.1 DATA ENTRY )Tj
T*
( 3.2.1.2.2 CORRESPONDENCE )Tj
T*
( 3.2.1.2.3 CASH DISPOSITION )Tj
T*
( 3.2.1.2.4 TELEPHONES )Tj
T*
( 3.2.1.2.5 AUDITING/TRAINING )Tj
T*
( 3.2.1.2.6 TSI SUPPORT )Tj
T*
( 3.2.1.2.7 PERSONNEL )Tj
T*
( 3.2.1.3 THREEVILLE FIELD OFFICE )Tj
T*
( 3.2.1.3.1 DATA ENTRY )Tj
T*
( 3.2.1.3.2 CORRESPONDENCE )Tj
T*
( 3.2.1.3.3 AUDITING AND TRAINING )Tj
T*
( 3.2.1.3.4 TURNKEY SYSTEMS INC. \(TSI\) SUPPORT )Tj
T*
( 3.2.1.3.5 PERSONNEL )Tj
T*
( 3.2.2 UNEMPLOYMENT INSURANCE BUREAU MANAGEMENT SERVICES )Tj
T*
( 3.2.3 LIAISON AND EMPLOYER AUDIT AND REVIEW )Tj
T*
( 3.2.3.1 EMPLOYER AUDIT AND REVIEW )Tj
T*
( 3.2.3.1.1 INITIAL EMPLOYER REVIEW UNIT )Tj
T*
( 3.2.3.1.2 EMPLOYER AUDIT UNIT )Tj
T*
( 3.2.3.1.3 PROGRAM INTEGRITY )Tj
T*
( 3.2.2.1 LIAISON )Tj
T*
( 3.2.3.2.1 LIAISON )Tj
T*
( 3.2.3.2.2 FAIR HEARINGS )Tj
T*
( 3.2.4 EMPLOYER TAX RECORDS )Tj
T*
( 3.3 TURNKEY SYSTEMS INC., SOFTWARE SUPPORT \(headquarters\) )Tj
T*
( 3.3.1 FE TEAM )Tj
T*
( 3.3.2 B TEAM )Tj
T*
( 3.3.3 SYSTEM SUPPORT )Tj
T*
( 3.4 TURNKEY SYSTEMS INC. MAIN DATA CENTER )Tj
T*
( 3.4.1 MAIN DATA CENTER SECURITY )Tj
0 -1.20001 TD
( 3.4.2 SYSTEMS SOFTWARE )Tj
0 -1.2 TD
( 3.4.3 ONLINE APPLICATIONS )Tj
T*
( 3.4.4 TECH SUPPORT/RTI DIVISION )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(4 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
517 0 obj 2844
endobj
518 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( 3.4.5 DATA MANAGEMENT DIVISION )Tj
0 -1.2 TD
( 3.4.5.1 TAPE LIBRARY )Tj
T*
( 3.4.5.2 MINI COMPUTER GROUP )Tj
T*
( 3.4.6 ONLINE/RJE DIVISION )Tj
T*
( 3.4.7 OUTPUT CONTROL DIVISION )Tj
T*
( 3.5 ACCOUNTING SERVICES )Tj
T*
( 3.5.1 PROGRAMS ACCOUNTING )Tj
T*
( 3.6 LEGAL AFFAIRS )Tj
T*
( 3.7 CONSUMER AFFAIRS )Tj
T*
( 3.8 GENERAL AUDIT )Tj
T*
( 3.9 PLANS AND RESEARCH )Tj
T*
( 3.10 PERSONNEL ADMINISTRATION )Tj
T*
( 3.10.1 COMPENSATION AND BENEFITS )Tj
T*
( 3.10.2 EMPLOYEE/LABOR RELATIONS )Tj
T*
( 3.10.3 EMPLOYEE SELECTION/DEVELOPMENT )Tj
T*
( 3.11 GENERAL SERVICES )Tj
T*
( 3.11.1 FACILITIES )Tj
T*
( 3.11.2 MAIL AND DISTRIBUTION )Tj
T*
( 3.11.3 MATERIEL SERVICES)Tj
ET
0.5 0.5 0.5 rg
9.28961 461.68304 m
9.28961 463.54099 l
602.71039 463.54099 l
601.78143 462.61203 l
10.21857 462.61203 l
10.21857 462.612 l
h
f
0.875 0.875 0.875 rg
602.71039 463.54099 m
602.71039 461.68304 l
9.28961 461.68304 l
10.21857 462.612 l
601.78143 462.612 l
601.78143 462.61203 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 443.94748 Tm
( )Tj
/T1_2 1 Tf
19.98079 -3.76965 Td
(CHAPTER 1)Tj
-6.1385 -2.39999 Td
(FINDINGS AND RECOMMENDATIONS)Tj
/T1_1 1 Tf
-13.84229 -2.54463 Td
( )Tj
/T1_3 1 Tf
0 -2.39999 TD
(1.1. INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(This chapter contains a summary of all findings and )Tj
T*
(recommendations resulting from the risk analysis. The finding )Tj
T*
(number is the key to the section of the report in which the \
)Tj
T*
(finding is discussed and the risk analysis calculations are )Tj
T*
(explained. The finding number is equal to the section number )Tj
T*
(followed by a dash followed by the ordinal number of the finding )Tj
T*
(within the section. For example, Finding 3.9.2.4-3 would be the )Tj
T*
(third finding in Chapter 3, section 3.9.2.4. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(1.2 SUMMARY OF FINDINGS AND RECOMMENDATIONS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_4 1 Tf
T*
(Finding 2.2-1:)Tj
/T1_1 1 Tf
( The Threeville Field Office is )Tj
T*
(subject to flooding. )Tj
/T1_4 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Prepare a formal contingency plan for )Tj
T*
(the field office. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(5 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
519 0 obj 3423
endobj
520 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(Finding 2.3-1:)Tj
/T1_1 1 Tf
( The risk of earthquake damage to )Tj
T*
(the State Office of Employment Security Oneville facilities and )Tj
T*
(their contents should be accounted for in a contingency plan. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Prepare a detailed contingency plan for )Tj
T*
(SOES's Oneville facilities. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 2.3-2:)Tj
/T1_1 1 Tf
( The Threeville field office )Tj
T*
(building could collapse during an earthquake. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Prepare a contingency plan for the )Tj
T*
(Threeville Field Office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 2.7-1:)Tj
/T1_1 1 Tf
( Headquarters offices are )Tj
T*
(susceptible to unauthorized access. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Monitor the performance of the guard )Tj
T*
(force and demand compliance with established procedures. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 2.7-2:)Tj
/T1_1 1 Tf
( The wearing of badges at 456 Main )Tj
T*
(Street is not enforced. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Enforce the wearing of badges at 456 )Tj
T*
(Main street. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 2.7-3:)Tj
/T1_1 1 Tf
( The State Supply warehouse is )Tj
T*
(susceptible to unauthorized access. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( N/A. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 2.7-4:)Tj
/T1_1 1 Tf
( The Threeville Field Office is )Tj
T*
(susceptible to unauthorized access. )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Repair the gap in the rear exit door. )Tj
0 -1.2 TD
(Replace the photoelectric beam detectors with motion detectors. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(Finding 2.7-5:)Tj
/T1_1 1 Tf
( The custodial services at the )Tj
0 -1.2 TD
(field offices perform their duties after hours and are not )Tj
T*
(supervised by SOES personnel. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Have the custodial services perform )Tj
T*
(their duties during normal business hours. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.1-1:)Tj
/T1_1 1 Tf
( The Wage Record file is )Tj
T*
(unprotected. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide secure storage for the Wage )Tj
T*
(Record file at the Fourville field office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.1-2:)Tj
/T1_1 1 Tf
( The outside entrance to the )Tj
T*
(Fourville field office is unmonitored during the early morning and \
)Tj
T*
(late afternoon hours. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Ensure that the reception area is )Tj
T*
(staffed at all times when the main entrance door is unlocked. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(6 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
521 0 obj 3351
endobj
522 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(Alternatively, install a bell or other signaling device which will \
)Tj
0 -1.2 TD
(sound when the door is opened from the outside. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.1.2-1:)Tj
/T1_1 1 Tf
( It is possible for a )Tj
T*
(processor in the Adjustments and Overpayments Section to )Tj
T*
(reactivate and pay a denied claim or to make an adjustment to a )Tj
T*
(claim in a fraudulent manner. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Apply separation of duties between )Tj
T*
(adjustment and overpayment processing and other aspects of claims )Tj
T*
(processing. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2-1:)Tj
/T1_1 1 Tf
( The Wage Record file is )Tj
T*
(unprotected. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide secure storage for the Wage )Tj
T*
(Record file at the Twoville field office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2-2:)Tj
/T1_1 1 Tf
( Outside doors to the Twoville )Tj
T*
(field office \(other than the main entrance\) are unalarmed during \
)Tj
T*
(business hours. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Install deadbolt locks on all but the )Tj
T*
(main entrance door. Issue keys to those who must use the doors in \
)Tj
T*
(the conduct of their official duties. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2-3:)Tj
/T1_1 1 Tf
( Dry chemical fire )Tj
T*
(extinguishers are provided for work areas in which CRT terminals )Tj
T*
(are located. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Replace the dry chemical extinguishers )Tj
T*
(with halon extinguishers. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2-4:)Tj
/T1_1 1 Tf
( Documents describing )Tj
T*
(restricted access software are not given special protection in the )Tj
T*
(Twoville field office. )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Access to restricted software should be )Tj
0 -1.2 TD
(controlled through passwords or user security profiles, not )Tj
T*
(through the secrecy of operating procedures. In the present )Tj
0 -1.20001 TD
(situation, the restricted documents should be stored in locked )Tj
0 -1.2 TD
(desks or cabinets. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2.2-1:)Tj
/T1_1 1 Tf
( Correspondence processors )Tj
T*
(can divert claim payments from their intended recipients in a )Tj
T*
(variety of ways. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Determine patterns of claims processing )Tj
T*
(transactions which would be carried out when fraud was being )Tj
T*
(attempted. Flag for special review all claims to which these )Tj
T*
(patterns apply. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(7 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
523 0 obj 3653
endobj
524 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Finding 3.2.1.2.3-1:)Tj
/T1_2 1 Tf
( Passwords controlling )Tj
0 -1.2 TD
(access to CUIS Cash Disposition functions are not changed when )Tj
T*
(employees who know them terminate their employment. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( All access control keys \(both logical )Tj
T*
(and physical\) should be returned to SOES or rendered unusable upon \
)Tj
T*
(the termination of employees who possess them. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2.3-2:)Tj
/T1_2 1 Tf
( Passwords controlling )Tj
T*
(access to CUIS Cash Disposition functions are sometimes written )Tj
T*
(down by the clerks entrusted with them. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Establish and enforce a policy that )Tj
T*
(passwords are not to be written down. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2.3-3:)Tj
/T1_2 1 Tf
( There is no effective )Tj
T*
(control over mail which may be addressed to specific field office )Tj
T*
(employees and which may contain checks made out to those )Tj
T*
(employees. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Require that mail addressed to )Tj
T*
(individual employees be opened by mailroom personnel or in the )Tj
T*
(presence of a second party. Require also that employees not )Tj
T*
(intentionally direct personal mail to the SOES address. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2.4-1:)Tj
/T1_2 1 Tf
( Address changes are )Tj
T*
(accepted for Unemployment Insurance Bureau claimants over the )Tj
T*
(telephone. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Use personal information to validate the )Tj
T*
(caller's identity. Send notification of the address change to the \
)Tj
T*
(old address. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(Finding 3.2.1.2.5-1:)Tj
/T1_2 1 Tf
( Auditors in the Twoville )Tj
T*
(field office report to the heads of the units they audit. )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( The auditors should report directly to )Tj
0 -1.2 TD
(the field office manager. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.3-1:)Tj
/T1_2 1 Tf
( The main entrance of the )Tj
T*
(Threeville field office is not monitored during the early morning )Tj
T*
(and late afternoon. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Ensure that the reception area is )Tj
T*
(staffed at all times when the main entrance door is unlocked. )Tj
T*
(Alternatively, install a bell or other signaling device which will \
)Tj
T*
(sound when the door is opened from the outside. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.2.1.2.3-2:)Tj
/T1_2 1 Tf
( Documents describing )Tj
T*
(restricted access software are not given special protection at the \
)Tj
T*
(Threeville field office. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Access to restricted software should be )Tj
T*
(controlled through passwords or user security profiles, not )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(8 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
525 0 obj 3484
endobj
526 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(through the secrecy of operating procedures. In the present )Tj
0 -1.2 TD
(situation, the restricted documents should be stored in locked )Tj
T*
(desks or cabinets. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.3.3-1:)Tj
/T1_1 1 Tf
( The Correspondence Unit )Tj
T*
(auditor reports directly to the head of the Correspondence Unit at \
)Tj
T*
(the Threeville field office. The data entry auditors report to )Tj
T*
(the General Supervisor of the data entry units. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( All auditors should report directly to )Tj
T*
(the field office manager. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.3.3-2:)Tj
/T1_1 1 Tf
( The Training/Auditing )Tj
T*
(supervisor must relinquish most auditing responsibilities to the )Tj
T*
(General Supervisor when training classes are in session. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Assign the audit responsibility to a )Tj
T*
(single person reporting directly to the field office manager. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.3.4-1:)Tj
/T1_1 1 Tf
( The backup A/C unit for the )Tj
T*
(Threeville Data Center is not periodically tested. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Test the backup A/C unit on a regular )Tj
T*
(basis. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2.4-2:)Tj
/T1_1 1 Tf
( Visitor access records are )Tj
T*
(not kept at the Threeville Data Center. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Keep records of visitor access to the )Tj
T*
(Threeville Data Center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.1.2.4-3:)Tj
/T1_1 1 Tf
( There are no underfloor )Tj
T*
(water detectors at the Threeville Data Center. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Install underfloor water detectors at )Tj
T*
(the Threeville Data Center. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(Finding 3.2.3.1.2-1:)Tj
/T1_1 1 Tf
( It would be possible for a )Tj
0 -1.2 TD
(reviewer to form a conspiracy for purposes of fraud with an )Tj
T*
(employer for whom he's responsible. )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide more than one possible processor )Tj
0 -1.2 TD
(for each aspect of claims processing. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.4-1:)Tj
/T1_1 1 Tf
( There is no effective control )Tj
T*
(to ensure that employers who cease doing business or who leave the \
)Tj
T*
(area are purged from the Master Employer File. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Investigate ways to improve the accuracy )Tj
T*
(and currency of the master Employer File. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.2.4-2:)Tj
/T1_1 1 Tf
( Although signatures are )Tj
T*
(required on documents requesting Master Employer File updates, the \
)Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(9 of 10\
4\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
527 0 obj 3411
endobj
528 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(signatures are not verified. )Tj
/T1_2 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Verify signatures on Master Employer )Tj
T*
(File update requests. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.3-1:)Tj
/T1_1 1 Tf
( There is no effective separation )Tj
T*
(between CUIS development, testing and maintenance activities and )Tj
T*
(production operations. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide for the effective separation of )Tj
T*
(the development, maintenance and testing of application systems )Tj
T*
(and the production operation of those systems. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.3-2:)Tj
/T1_1 1 Tf
( It is possible for a single )Tj
T*
(person to carry out all steps necessary to insert a software )Tj
T*
(modification into the production CUIS system without independent )Tj
T*
(review. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Ensure that all changes, additions and )Tj
T*
(deletions to production CUIS software are reviewed by at least one \
)Tj
T*
(analyst not involved in their preparation. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.3-3:)Tj
/T1_1 1 Tf
( Journalization of CUIS )Tj
T*
(transactions is incomplete. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide for complete journalization of )Tj
T*
(CUIS transactions. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.3-4:)Tj
/T1_1 1 Tf
( Restricted UIS subsystems are )Tj
T*
(protected by secret clerk numbers coded into the software. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Use the ACF2 Security Software to )Tj
T*
(protect restricted CUIS modules where possible. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(Finding 3.3-5:)Tj
/T1_1 1 Tf
( The CUIS Software Support Group )Tj
T*
(does not enforce periodic changes of passwords and permits the )Tj
0 -1.20001 TD
(selection of passwords with mnemonic value. )Tj
/T1_2 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Enforce periodic changes of passwords. )Tj
T*
(Do not allow the use of passwords with mnemonic value \(other than \
)Tj
T*
(perhaps pronounceability\). )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.3-6:)Tj
/T1_1 1 Tf
( CUIS is not supported to the )Tj
T*
(fullest extent possible by ACF2. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Use ACF2 to serve all the security needs )Tj
T*
(of online CUIS subsystems. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Finding 3.4.1-1:)Tj
/T1_1 1 Tf
( CO2 is in use in the data )Tj
T*
(center as a fire suppressant. It is potentially harmful to )Tj
T*
(personnel. )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( Provide full flood halon protection for )Tj
T*
(the entire data center. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(10 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
529 0 obj 3468
endobj
530 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(Finding 3.4.1-2:)Tj
/T1_2 1 Tf
( There is no visitor sign-in )Tj
0 -1.2 TD
(policy at the data center. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Implement a visitor sign-in policy for )Tj
T*
(the data center. Validate tape sign-out requests. Modify the )Tj
T*
(badge token authorizing data center access. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.1-3:)Tj
/T1_2 1 Tf
( The blue ID badge stripe which )Tj
T*
(authorizes data center access can be easily forged. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( In place of the blue stripe, use a )Tj
T*
(difficult to duplicate marking such as an engraved design and )Tj
T*
(attach it to the ID badge under the lamination. It then becomes )Tj
T*
(impossible to add or remove this credential once a badge has been )Tj
T*
(completely assembled, and the counterfeiting process is much more )Tj
T*
(difficult than before. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.1-4:)Tj
/T1_2 1 Tf
( Fire protection by CO2 is )Tj
T*
(provided only for the underfloor areas of the data center. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Install a full-flood halon system in the )Tj
T*
(data center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.1-5:)Tj
/T1_2 1 Tf
( The key to the storage area )Tj
T*
(containing blank Unemployment Insurance Bureau benefit checks is )Tj
T*
(kept on a hook near the computer console operator. The access )Tj
T*
(list for the key contains 30 names. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Pare down the access list for the key to )Tj
T*
(the Unemployment Insurance Bureau blank check storage area. )Tj
T*
(Maintain all copies of the key in protected or continuously )Tj
T*
(monitored storage locations. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.1-6:)Tj
/T1_2 1 Tf
( There are no alarms and only )Tj
T*
(hand-held fire extinguishers in the supply area adjacent to the )Tj
T*
(main computer room. )Tj
/T1_1 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Upgrade the fire detection and )Tj
0 -1.2 TD
(suppression equipment in the data center supply storage area. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(Finding 3.4.1-7:)Tj
/T1_2 1 Tf
( There is no smoke exhaust )Tj
0 -1.2 TD
(capability in the data center. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Formalize the use of portable fans for )Tj
T*
(exhausting smoke. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.2-1:)Tj
/T1_2 1 Tf
( There is no provision for the )Tj
T*
(real-time on-line reporting of incorrect password usage attempts )Tj
T*
(to a security officer. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Provide for the online reporting of )Tj
T*
(incorrect password entry attempts. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(11 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
531 0 obj 3765
endobj
532 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Finding 3.4.4-1:)Tj
/T1_2 1 Tf
( The data center has no policy )Tj
0 -1.2 TD
(requiring periodic changes to passwords. Users are allowed to )Tj
T*
(specify their own passwords. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( The data center should require the use )Tj
T*
(of randomly generated passwords which are changed at least once a )Tj
T*
(year. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.5.1-1:)Tj
/T1_2 1 Tf
( No authorization checks are )Tj
T*
(made when tapes are signed out from the tape library. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Release tapes only to their owners or to )Tj
T*
(persons authorized in writing by the owners. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.5.1-2:)Tj
/T1_2 1 Tf
( Non-production tapes are )Tj
T*
(scratched automatically when the retention date is reached. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Consult tape owners prior to scratching )Tj
T*
(tapes whose retention dates have passed. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.4.5.1-3:)Tj
/T1_2 1 Tf
( Tapes are not degaussed after )Tj
T*
(scratching and prior to reuse. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Degauss all scratch tapes prior to )Tj
T*
(reissue. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.5.1-1:)Tj
/T1_2 1 Tf
( Secure areas used by the )Tj
T*
(Accounting Department have walls which do not extend to the true )Tj
T*
(ceiling. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Extend the walls of all secure storage )Tj
T*
(areas to meet the true ceiling. )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(Finding 3.5.1-2:)Tj
/T1_2 1 Tf
( Benefit checks returned to SOES )Tj
0 -1.2 TD
(are not batched and present an easy target for abuse. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Batch returned checks in the mailroom )Tj
0 -1.20001 TD
(prior to sending them to Cash Receiving. Then destroy the checks )Tj
0 -1.2 TD
(after generating the necessary accounting records. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.8-1:)Tj
/T1_2 1 Tf
( When an audit is to be conducted, )Tj
T*
(advance notice is given to the affected department. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( As a matter of policy, give no notice of )Tj
T*
(impending audit activity to the affected departments. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(Finding 3.11.2-1:)Tj
/T1_2 1 Tf
( The storeroom used by the Mail )Tj
T*
(and Distribution Department has walls which do not extend to the )Tj
T*
(true ceiling as well as unalarmed exterior windows. )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( Extend the walls of all secure storage )Tj
T*
(areas to meet the true ceiling. )Tj
T*
( )Tj
ET
0.5 0.5 0.5 rg
9.28961 55.91257 m
9.28961 57.77049 l
602.71039 57.77049 l
601.78143 56.84154 l
10.21857 56.84154 l
10.21857 56.84152 l
h
f
0.875 0.875 0.875 rg
602.71039 57.77049 m
602.71039 55.91257 l
9.28961 55.91257 l
10.21857 56.84152 l
601.78143 56.84152 l
601.78143 56.84154 l
h
f
0 0 0 rg
BT
/T1_2 1 Tf
13.00546 0 0 13.00546 9.28961 38.17699 Tm
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(12 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
533 0 obj 6179
endobj
534 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 754.41742 Tm
( )Tj
/T1_2 1 Tf
8.03479 -2.56966 Td
(1.3 SUMMARY OF ALES, SAFEGUARD COSTS AND SAVINGS)Tj
/T1_3 1 Tf
-7.8205 -5.75891 Td
(Finding )Tj
0.60001 -1.2 Td
(Number)Tj
5.08571 1.2 Td
(Subject Area )Tj
0.89999 -1.2 Td
(of Finding)Tj
8.68571 4.2 Td
(ALE )Tj
-0.60001 -1.2 Td
(Times )Tj
0.3 -1.2 Td
(3.79 )Tj
-0.60001 -1.2 Td
(Equals )Tj
0.60001 -1.2 Td
(5-yr )Tj
0 -1.2 TD
(Loss )Tj
-0.60001 -1.2 Td
(Now \($\))Tj
4.4857 5.39999 Td
(Minus )Tj
T*
(New 5-)Tj
0.89999 -1.2 Td
(yr )Tj
-0.3 -1.2 Td
(Loss)Tj
4.18571 3.60001 Td
(Equals )Tj
-0.89999 -1.2 Td
(Reduction )Tj
0.60001 -1.2 Td
(in 5-yr )Tj
T*
(Loss \($\))Tj
5.68571 2.39999 Td
(Compare )Tj
T*
(to Costs)Tj
5.68571 3 Td
(Savings )Tj
0.60001 -1.2 Td
(\($\) = )Tj
0.3 -1.2 Td
(Loss )Tj
-1.5 -1.2 Td
(Reduction )Tj
T*
(Minus Cost)Tj
6.28571 3.60001 Td
(Cost to )Tj
T*
(Savings )Tj
0.89999 -1.2 Td
(Ratio)Tj
/T1_1 1 Tf
-41.3 -3.88573 Td
(32125-1)Tj
T*
(32134-1)Tj
T*
(32123-3)Tj
T*
(3451-1)Tj
T*
(32312-1)Tj
T*
(38- 1)Tj
T*
(32134-2)Tj
T*
(3211-2)Tj
T*
(3212-2)Tj
T*
(27-4)Tj
T*
(3212-4)Tj
T*
(351- 2)Tj
T*
(3451-2)Tj
T*
(27-1)Tj
T*
(341-2)Tj
T*
(351-1)Tj
T*
(3.11.2-1)Tj
T*
(3212-3)Tj
T*
(27- 5)Tj
T*
(32124-1)Tj
T*
(32112-1)Tj
T*
(3211-1)Tj
T*
(33-1)Tj
5.08571 26.39999 Td
(Auditor Conflct)Tj
T*
(Backup AC Test)Tj
T*
(Personal Mail)Tj
T*
(Tape Lib ID Chk)Tj
T*
(Clms Revw Fraud)Tj
T*
(Audit Notice)Tj
T*
(Visitor Records)Tj
T*
(4ville Entrance)Tj
T*
(2ville Entrance)Tj
T*
(3ville Phys Sec)Tj
T*
(Protect Documts)Tj
T*
(Returned Checks)Tj
T*
(Tape Scratch)Tj
T*
(HQ Phys. Secur)Tj
T*
(Visitor Sign-in)Tj
T*
(False Walls)Tj
T*
(False Walls)Tj
T*
(Dry Chem Exting)Tj
T*
(Unsupv Janitors)Tj
T*
(Address Change)Tj
T*
(Adj/Ovpmt Fraud)Tj
T*
(WR File Secur)Tj
T*
(CUIS Dev/Prod)Tj
11.68571 26.39999 Td
(57K)Tj
T*
(16K)Tj
-0.60001 -1.2 Td
(3.4K)Tj
T*
(2.3K)Tj
T*
(2.3K)Tj
T*
(1.1K)Tj
0.60001 -1.2 Td
(460)Tj
-1.2 -1.2 Td
(2 .7M)Tj
0.60001 -1.2 Td
(1.9M)Tj
0.60001 -1.2 Td
(12M)Tj
-0.60001 -1.2 Td
(284K)Tj
T*
(190K)Tj
T*
(144K)Tj
T*
(380K)Tj
T*
(1.8M)Tj
T*
(380K)Tj
0.60001 -1.2 Td
(38K)Tj
T*
(10K)Tj
-0.60001 -1.2 Td
(190K)Tj
T*
(2.3K)Tj
0.60001 -1.2 Td
(34K)Tj
-0.60001 -1.2 Td
(2.3K)Tj
0.60001 -1.2 Td
(57K)Tj
3.28571 26.39999 Td
(2.8K)Tj
1.8 -1.2 Td
(0)Tj
-1.2 -1.2 Td
(170)Tj
1.2 -1.2 Td
(0)Tj
-1.2 -1.2 Td
(110)Tj
T*
(110)Tj
T*
(230)Tj
1.2 -1.2 Td
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
-1.2 -1.2 Td
(36K)Tj
T*
(19K)Tj
-0.60001 -1.2 Td
(450K)Tj
T*
(190K)Tj
1.8 -1.2 Td
(0)Tj
T*
(0)Tj
-1.2 -1.2 Td
(19K)Tj
T*
(110)Tj
-0.60001 -1.2 Td
(3.4K)Tj
0.60001 -1.2 Td
(230)Tj
-0.60001 -1.2 Td
(5.7K)Tj
6.88573 26.39999 Td
(54K)Tj
T*
(16K)Tj
-0.60001 -1.2 Td
(3.2K)Tj
T*
(2.3K)Tj
T*
(2.2K)Tj
1.2 -1.2 Td
(1K)Tj
-0.60001 -1.2 Td
(230)Tj
-1.2 -1.2 Td
(2.7 M)Tj
0.60001 -1.2 Td
(1.9M)Tj
0.60001 -1.2 Td
(12M)Tj
-0.60001 -1.2 Td
(284K)Tj
T*
(190K)Tj
T*
(110K)Tj
T*
(360K)Tj
T*
(1.4M)Tj
T*
(190K)Tj
0.60001 -1.2 Td
(38K )Tj
T*
(10K)Tj
-0.60001 -1.2 Td
(170K)Tj
T*
(2.2K)Tj
0.60001 -1.2 Td
(31K)Tj
-0.60001 -1.2 Td
(2.1K)Tj
0.60001 -1.2 Td
(51K)Tj
6.28571 26.39999 Td
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
-1.2 -1.2 Td
(300)Tj
T*
(300)Tj
T*
(20K )Tj
-0.60001 -1.2 Td
(2.2K)Tj
T*
(4.2K)Tj
-0.60001 -1.2 Td
(11.4K)Tj
0.60001 -1.2 Td
(8.7K)Tj
0.60001 -1.2 Td
(42K)Tj
0.60001 -1.2 Td
(6K)Tj
T*
(2K)Tj
-1.2 -1.2 Td
(1.2K)Tj
0.60001 -1.2 Td
(87K)Tj
-0.60001 -1.2 Td
(1.2K)Tj
0.60001 -1.2 Td
(22K)Tj
-0.60001 -1.2 Td
(1.5K)Tj
0.60001 -1.2 Td
(38K)Tj
6.28572 26.39999 Td
(54K)Tj
T*
(16K)Tj
-0.60001 -1.2 Td
(3.2K)Tj
T*
(2.3K)Tj
T*
(2.2K)Tj
1.2 -1.2 Td
(1k)Tj
-0.60001 -1.2 Td
(230)Tj
-1.2 -1.2 Td
(2.7 M)Tj
0.60001 -1.2 Td
(1.9M)Tj
0.60001 -1.2 Td
(12M)Tj
-0.60001 -1.2 Td
(282K)Tj
T*
(186K)Tj
0.60001 -1.2 Td
(99K)Tj
-0.60001 -1.2 Td
(350K)Tj
T*
(1.4M)Tj
T*
(184K)Tj
0.60001 -1.2 Td
(36K )Tj
0.60001 -1.2 Td
(9K)Tj
-0.60001 -1.2 Td
(83K)Tj
0.60001 -1.2 Td
(1K)Tj
T*
(9K)Tj
-0.60001 -1.2 Td
(600)Tj
T*
(13K)Tj
6.28571 26.39999 Td
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
T*
(0)Tj
-3 -1.2 Td
(1.1E-4)Tj
-0.60001 -1.2 Td
(1.6E- 4)Tj
1.8 -1.2 Td
(.002)Tj
T*
(.008)Tj
T*
(.023)Tj
T*
(.023)Tj
T*
(.025)Tj
T*
(.030)Tj
T*
(.033)Tj
T*
(.056)Tj
T*
(.133)Tj
T*
(1.05)Tj
T*
(1.20)Tj
T*
(2.44)Tj
T*
(2.50)Tj
T*
(2.92)Tj
-42.8 -1.48572 Td
(22-1)Tj
T*
(23-2)Tj
5.08571 1.2 Td
(3ville Flooding)Tj
T*
(3ville Quake)Tj
11.08572 1.2 Td
(307K)Tj
0.60001 -1.2 Td
(45K)Tj
3.28571 1.2 Td
(284K)Tj
0.60001 -1.2 Td
(30K)Tj
6.28572 1.2 Td
(23K)Tj
T*
(15K)Tj
6.28571 1.2 Td
( )Tj
-1.2 -1.2 Td
(29K)Tj
7.48572 1.2 Td
( )Tj
-0.60001 -1.2 Td
(9K)Tj
5.68571 1.2 Td
( )Tj
-1.8 -1.2 Td
(3.22)Tj
-42.8 -2.08571 Td
(23-1)Tj
T*
(324-1)Tj
T*
(341-7)Tj
T*
(341-1)Tj
5.08571 4.2 Td
(Capitaltown )Tj
T*
(quake)Tj
T*
(Mster Empl File)Tj
T*
(Smoke Exhaust)Tj
T*
(C02 As Fire Sup)Tj
11.68571 4.2 Td
(23K)Tj
-1.2 -1.2 Td
(11.4K)Tj
2.39999 -1.2 Td
(0)Tj
-0.60001 -1.2 Td
(38)Tj
2.68571 3.60001 Td
(6.1K)Tj
-0.60001 -1.2 Td
(1.14K)Tj
2.39999 -1.2 Td
(0)Tj
T*
(0)Tj
5.08572 3.60001 Td
(17K)Tj
-1.8 -1.2 Td
(10.26K)Tj
3 -1.2 Td
(0)Tj
-0.60001 -1.2 Td
(38)Tj
4.4857 3.60001 Td
(16K)Tj
-1.2 -1.2 Td
(10.1K)Tj
0.60001 -1.2 Td
(3.7K)Tj
0.60001 -1.2 Td
(20K)Tj
6.88573 3.60001 Td
(1K)Tj
-0.60001 -1.2 Td
(160)Tj
-1.2 -1.2 Td
(-3.7K)Tj
0.60001 -1.2 Td
(-20K)Tj
5.08571 3.60001 Td
(16.0)Tj
T*
(63.1)Tj
1.2 -1.2 Td
(-1)Tj
T*
(-1)Tj
ET
0.5 0.5 0.5 rg
9.28961 96.61201 m
9.28961 98.46994 l
602.71039 98.46994 l
601.78143 97.54099 l
10.21857 97.54099 l
10.21857 97.54097 l
h
f
0.875 0.875 0.875 rg
602.71039 98.46994 m
602.71039 96.61201 l
9.28961 96.61201 l
10.21857 97.54097 l
601.78143 97.54097 l
601.78143 97.54099 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 78.87643 Tm
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(13 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
535 0 obj 3411
endobj
536 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 269.14902 755.17267 Tm
(CHAPTER 2)Tj
-1.584 -2.39999 Td
(GENERAL ISSUES)Tj
/T1_2 1 Tf
-18.39679 -2.54463 Td
( )Tj
0 -1.2 TD
( )Tj
T*
(This chapter is concerned with findings related to general risks; )Tj
T*
(that is, risks which affect the overall SOES Unemployment )Tj
T*
(Insurance Bureau Computer Operation as opposed to a single )Tj
T*
(department, branch, section, facility, asset, etc. )Tj
T*
( )Tj
T*
(Each section in this chapter deals with a specific risk, such as )Tj
T*
(fire, flood, etc. At the beginning of each section is a paragraph \
)Tj
T*
(entitled )Tj
/T1_3 1 Tf
(BACKGROUND AND INTRODUCTION)Tj
/T1_2 1 Tf
(. This paragraph )Tj
T*
(particularizes considerations involving the risk to the SOES )Tj
T*
(environment and explains the techniques to be used in evaluating )Tj
T*
(the impact of the risk in that environment. )Tj
T*
( )Tj
T*
(Following the background and introduction is a series of one or )Tj
T*
(more )Tj
/T1_3 1 Tf
(FINDINGS)Tj
/T1_2 1 Tf
( related to the subject risk. Each finding )Tj
T*
(is a briefly stated conclusion about the effect of the risk on )Tj
T*
(SOES Unemployment Insurance Bureau Computer Operations. )Tj
T*
( )Tj
T*
(After the finding is a paragraph entitled )Tj
/T1_3 1 Tf
(RELATED CONTROL )Tj
T*
(STANDARD)Tj
/T1_2 1 Tf
(. This is a statement of a generally accepted )Tj
T*
(principle of good security practice. Several professional EDP )Tj
T*
(auditing groups have prepared codified lists of standards which )Tj
T*
(have been published in the literature and subjected to peer )Tj
0 -1.20001 TD
(review. One of the earliest of these is the "Computer Control )Tj
0 -1.2 TD
(Guideline" first published by the Canadian Institute of Chartered )Tj
T*
(Accountants in 1970. Another is "Control Objectives - 1980" )Tj
0 -1.20001 TD
(published by the EDP Auditors Foundation for Education and )Tj
0 -1.2 TD
(Research \(EDPAFER\). It is this latter document from which the )Tj
T*
(control standard references used in this report are taken. )Tj
T*
( )Tj
T*
(The primary purpose for stating the EDPAFER minimum requirement )Tj
T*
(related to each finding is to demonstrate that in fact the finding \
)Tj
T*
(does represent a situation in which a requirement is not being )Tj
T*
(met. )Tj
T*
( )Tj
T*
(A second reason for stating the EDPAFER requirement for each )Tj
T*
(finding is that comments are often made that certain findings are )Tj
T*
(not related to computer security issues. )Tj
T*
( )Tj
T*
(Our view, however, is that computer security embraces )Tj
/T1_3 1 Tf
(all)Tj
/T1_2 1 Tf
( )Tj
T*
(issues which must be addressed to assure the )Tj
/T1_3 1 Tf
(continuous)Tj
/T1_2 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(14 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
537 0 obj 3614
endobj
538 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(and )Tj
/T1_2 1 Tf
(reliable)Tj
/T1_1 1 Tf
( operation of a computer center and the )Tj
0 -1.2 TD
(timely accomplishment of all its processing. )Tj
T*
( )Tj
T*
(Clearly this is a very broad objective. It encompasses such )Tj
T*
(concerns as ensuring that necessary supplies are delivered on )Tj
T*
(time; employing a detailed software development methodology to )Tj
T*
(ensure that production applications are virtually bug-free from )Tj
T*
(the beginning; and providing for good employee morale. )Tj
T*
( )Tj
T*
(Computer security also embraces the more obviously security- )Tj
T*
(related issues such as visitor access controls, data file )Tj
T*
(protection, sign-on passwords and so forth. )Tj
T*
( )Tj
T*
(When taken out of the context of an integrated ADP security )Tj
T*
(program, individual findings and issues may seem to be nothing )Tj
T*
(more than matters of ordinary good practice and totally unrelated )Tj
T*
(to security and integrity. Those who feel that such issues are )Tj
T*
(irrelevant to security should stop to consider the overall impact )Tj
T*
(of each finding. )Tj
T*
( )Tj
T*
(If the computer center runs out of printer paper because of a poor \
)Tj
T*
(inventory control system, job output cannot be printed and SYSOUT )Tj
T*
(must be dumped to tape before it fills up its allotted space. )Tj
T*
(Management does not get the information from this output on )Tj
T*
(schedule and important business decisions are delayed, perhaps )Tj
T*
(beyond firm deadlines. Proper management of supplies may not seem \
)Tj
T*
(like a matter of security but it clearly can be as this example )Tj
T*
(shows. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Lack of a detailed software development methodology can lead to )Tj
T*
(applications which are poorly designed, cryptically coded and )Tj
0 -1.20001 TD
(sparsely documented. Such applications must be frequently removed )Tj
0 -1.2 TD
(from production due to bugs. The software maintenance personnel )Tj
T*
(spend many unnecessary hours attempting to thread through the )Tj
T*
(cryptic code and read between the lines of the sparse )Tj
T*
(documentation. The production output that does get into the hands \
)Tj
T*
(of the user may contain errors and lead to bad decisions. )Tj
T*
( )Tj
T*
(Failure to ensure good employee morale can lead to purposefully )Tj
T*
(careless work habits, strikes \(if the employees are unionized\), )Tj
T*
(fraudulent destructive activity and/or a high employee turnover )Tj
T*
(rate. Bad employee morale, if not avoided, can thus lead to )Tj
T*
(anything from a loss of efficiency to the total paralysis of the )Tj
T*
(computing operation. )Tj
T*
( )Tj
T*
(The next paragraph associated with each finding is entitled )Tj
/T1_2 1 Tf
T*
(DISCUSSION)Tj
/T1_1 1 Tf
(. This paragraph expands upon and provides the )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(15 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
539 0 obj 3488
endobj
540 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(details necessary to understand the finding. )Tj
0 -1.2 TD
( )Tj
T*
(Following the discussion is a )Tj
/T1_2 1 Tf
(RISK ANALYSIS)Tj
/T1_1 1 Tf
( paragraph )Tj
T*
(which describes the calculations which were carried out to compute \
)Tj
T*
(the annual loss expectancy. These calculations involve )Tj
/T1_3 1 Tf
T*
(estimates)Tj
/T1_1 1 Tf
( of the annual frequencies with which undesirable )Tj
T*
(events occur and )Tj
/T1_3 1 Tf
(estimates)Tj
/T1_1 1 Tf
( of the extent of monetary loss )Tj
T*
(which will result from the occurrence of the events. The )Tj
T*
(calculations are inexact and the results are rounded to two )Tj
T*
(significant figures to reflect this fact. )Tj
T*
( )Tj
T*
(Next is a paragraph called )Tj
/T1_2 1 Tf
(SUGGESTED SAFEGUARDS AND COST )Tj
T*
(BENEFIT ANALYSIS)Tj
/T1_1 1 Tf
(. In this paragraph additional safeguards )Tj
T*
(are proposed to reduce the expected loss and/or the annual )Tj
T*
(frequency estimate associated with the finding. The cost of )Tj
T*
(installing and operating each additional safeguard is compared to )Tj
T*
(the reduction in the ALE it will bring about. Again, the results \
)Tj
T*
(of calculations are rounded to reflect their inexactness. )Tj
T*
( )Tj
T*
(Finally, there is a )Tj
/T1_2 1 Tf
(RECOMMENDATION)Tj
/T1_1 1 Tf
( paragraph. )Tj
T*
(Recommendations are specific and based on the cost-benefit )Tj
T*
(analysis of the preceding paragraph. )Tj
/T1_3 1 Tf
T*
( )Tj
T*
(2.1 FIRE )Tj
T*
( )Tj
T*
(HEADQUARTERS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The headquarters buildings do not have an automatic fire sprinkler \
)Tj
T*
(system. Each floor has portable fire extinguishers with an ABC )Tj
T*
(fire rating. A comprehensive fire safety program is being )Tj
T*
(followed. The facilities are inspected by the fire department )Tj
T*
(once a month. All the employees are made aware of the evacuation )Tj
0 -1.20001 TD
(procedures and specially assigned personnel are trained to assist )Tj
0 -1.2 TD
(in the evacuation of the building. The local fire station is )Tj
T*
(within a one mile radius and the response time is less than one )Tj
0 -1.20001 TD
(minute. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(999 BACK STREET)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The State Supply Warehouse building is equipped with automatic )Tj
T*
(fire sprinkler systems throughout the work area. When the )Tj
T*
(sprinkler system is activated, an alarm is generated and sent )Tj
T*
(directly to the XYZ Security Services central control office. )Tj
T*
(They contact the local fire station. The fire department inspects \
)Tj
T*
(the warehouse once a year. Each floor has portable fire )Tj
T*
(extinguishers with an ABC rating. A comprehensive fire safety )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(16 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
541 0 obj 3465
endobj
542 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(program is being followed. All employees are made aware of the )Tj
0 -1.2 TD
(evacuation procedures and specially assigned personnel are trained \
)Tj
T*
(to assist in the evacuation of the building. The fire department )Tj
T*
(is within a one mile radius and the response time is 45 seconds to \
)Tj
T*
(one minute. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FOURVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville Field office does not have an automatic sprinkler )Tj
T*
(system in the work area. The main floor has portable fire )Tj
T*
(extinguishers with ABC fire ratings. A comprehensive fire safety )Tj
T*
(program is being followed. The field office is periodically )Tj
T*
(inspected by the local fire department. All the employees are )Tj
T*
(made fully aware of the evacuation procedures. In the event of an \
)Tj
T*
(emergency, the department supervisor leads his own unit out )Tj
T*
(safely. The local fire station is within a two mile radius and )Tj
T*
(the response time is less than five minutes. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(Twoville)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Twoville field office has automatic fire sprinkler systems )Tj
T*
(throughout the work area. The field office is equipped both with )Tj
T*
(ABC and Halon fire extinguishers. A comprehensive fire safety )Tj
T*
(program is being followed. The facilities are periodically )Tj
T*
(inspected by the fire department on request by the field office )Tj
T*
(manager. All the employees are made aware of the evacuation )Tj
T*
(procedures. The local fire department is within a one mile radius )Tj
T*
(and the response time is one minute or less. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(THREEVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(The Threeville field office has automatic fire sprinkler systems )Tj
0 -1.2 TD
(throughout the area. The field office is equipped with ABC rated )Tj
T*
(fire extinguishers. A comprehensive fire safety program is being )Tj
T*
(followed. The facilities are inspected once every three months by \
)Tj
T*
(the local fire department. All the employees are made aware of )Tj
T*
(the evacuation procedures and specially assigned safety monitors )Tj
T*
(are trained to assist in the evacuation of the building. The fire \
)Tj
T*
(department is less than one mile away from the field office and )Tj
T*
(the response time is less than one minute. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(2.2 FLOODS AND OTHER WATER DAMAGE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(HEADQUARTERS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Since the headquarters of the Office of Employment Security are )Tj
T*
(located above sea level, the likelihood of a flood occurring is )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(17 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
543 0 obj 3474
endobj
544 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(minimal. The mean sea level in one hundred years will reach an )Tj
0 -1.2 TD
(estimated height of 5 ft. 6 in. at high tide according to the )Tj
T*
(National Oceanic and Atmospheric Administration. Therefore the )Tj
T*
(threat of any damage to the building structure or the contents )Tj
T*
(would be insignificant. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(999 BACK STREET)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Since the State Supply warehouse is located above sea level, the )Tj
T*
(likelihood of a flood occurring is minimal. The mean sea level )Tj
T*
(around the nearby body of water will reach an estimated height of )Tj
T*
(5 ft. 6 in. at high tide every 100 years according to the National )Tj
T*
(Oceanic and Atmospheric Administration. Therefore the threat of )Tj
T*
(any damage to the building structure or the contents would be )Tj
T*
(insignificant. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FOURVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The State Department of Water Conservation is conducting a flood )Tj
T*
(control project in Fourville. The Big Fourville Creek and the )Tj
T*
(Little Fourville Creek flow through the town. The Little )Tj
T*
(Fourville Creek flood flow is diverted from Fourville to Fiveville \
)Tj
T*
(County. The Big Fourville Creek flows to the north and then west, )Tj
T*
(where it joins the Big River. Fiveville County maintains the )Tj
T*
(levees and the passage gates while the State Department of Water )Tj
T*
(Conservation is responsible for the inspection, operation and )Tj
T*
(maintenance. The inspection of the levees occurs twice a year, )Tj
T*
(and they are considered to be strong and well maintained. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(TWOVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Hat River and the Wood River are not a direct threat to the town \
)Tj
0 -1.20001 TD
(of Twoville. If a flood occurred, Woodtown, which lies directly )Tj
0 -1.2 TD
(across the Wood River from Twoville, would be flooded by the Hat )Tj
T*
(River and the Wood River would continue to flow South. The Wood )Tj
0 -1.20001 TD
(River Dam and the Old Davis Dam are both considered to be good )Tj
0 -1.2 TD
(levees. They are inspected twice a year and are well maintained. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(THREEVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville Field office is located in a flood zone designated )Tj
T*
(as \(AO\) on a map produced by the U.S. Department of Housing and )Tj
T*
(Urban Development, Federal Insurance Administration. The )Tj
T*
(probability of a flood occurring in this zone is one in a hundred )Tj
T*
(years \(.01\). Zone AO refers to an area which should experience a \
)Tj
T*
(1-3 foot flood level not more than once every hundred years. The )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(18 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
545 0 obj 3160
endobj
546 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(potential source of flooding is the Dynamite Creek. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.2-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville Field Office is subject to flooding. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(When a flood occurs, the depth of the floodwaters would reach a )Tj
T*
(maximum level of three feet. Since the field office is located at \
)Tj
T*
(ground level, the floodwaters would reach the main floor level, )Tj
T*
(and damage the contents of the building. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Annual Frequency Estimate \(AFE\) of a flood reaching its )Tj
T*
(maximum depth of 3 feet is .01. )Tj
T*
( )Tj
T*
(The probability of floodwaters reaching the Threeville Field )Tj
T*
(Office main floor level is relatively high, because the field )Tj
T*
(office is at ground level. )Tj
T*
( )Tj
T*
(A reasonable estimate of cleanup would be $10K. This cleanup cost \
)Tj
T*
(includes the drying and shampooing of the carpets in the )Tj
T*
(Threeville Field office. The replacement cost for furniture, book \
)Tj
T*
(shelves, desks and supplies, would be about $500 per employee. )Tj
T*
(Also, each desk houses a CRT terminal. The standard desk measures \
)Tj
T*
(30in. \(or 2ft 6in\). Since the floodwaters reach maximum depth of \
)Tj
0 -1.20001 TD
(three feet, the CRTs would be damaged; the estimated loss is the )Tj
0 -1.2 TD
(number of CRTs to be replaced multiplied by the remaining lease )Tj
T*
(obligation per CRT. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The field office's vital records would be safe from water damage, )Tj
T*
(because they are or could easily be stored above the three foot )Tj
T*
(level. )Tj
T*
( )Tj
T*
(In the absence of a contingency plan, SOES would lose about two )Tj
T*
(weeks of operations while the cleanup was underway. )Tj
T*
( )Tj
T*
(The total loss is the total cost of recovering from the flood. )Tj
T*
(This is equal to the clean up cost plus the cost of replacing )Tj
T*
(office furniture and equipment plus the remaining obligation on the )Tj
T*
(ADP equipment lease plus the cost of the 1-1/2 weeks of overtime )Tj
T*
(which could be eliminated by a good disaster recovery plan \(part )Tj
T*
(of the contingency plan\). )Tj
T*
( )Tj
T*
(The cost of office furniture and equipment is 128 staff x $500 = )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(19 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
547 0 obj 2762
endobj
548 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
($64K. )Tj
0 -1.2 TD
( )Tj
T*
(The cleanup cost should not exceed $10K. )Tj
T*
( )Tj
T*
(The remaining 3 year lease obligation based on a monthly charge of \
)Tj
T*
($17,866 is $643K. )Tj
T*
( )Tj
T*
(The cost of 1-1/2 weeks of overtime for a staff of 128 at an )Tj
T*
(average $6.50 per hour salary and 25% overhead is 1.5 wks x 40 )Tj
T*
(hrs/wk x $6.50/hr x 128 staff x 1.5 overtime x 1.25 overhead = $94 \
)Tj
T*
(K. )Tj
T*
( )Tj
T*
(The total loss is then $64K + $10K + $643K + $94K = $810K. )Tj
T*
( )Tj
T*
(The ALE is .01 x $810K = $8.1K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is a contingency plan which would expedite recovery )Tj
T*
(activities and save about 1.5 of the 2 weeks which would otherwise \
)Tj
T*
(be required to clean up. )Tj
T*
( )Tj
T*
(The yearly savings \(not counting the cost of contingency plan )Tj
T*
(development\) will be the AFE multiplied by 2/3 of the overtime )Tj
T*
(costs \(all but 1/2 week\) or .01 x 2/3 x $94K = $0.63K. )Tj
T*
( )Tj
T*
(The ALE after the safeguard will be $8.1K - $0.63K = $7.5K. )Tj
T*
( )Tj
T*
(The cost of contingency planning is determined after all ALE )Tj
T*
(reductions generated by the existence of the plan have been )Tj
T*
(calculated. This is done on the multiple effects worksheet in )Tj
T*
(Appendix C. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.1 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Prepare a formal contingency plan for the field office. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(2.3 EARTHQUAKES)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(HEADQUARTERS AND 999 BACK STREET)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The headquarters buildings are located in a grade C intensity )Tj
T*
(area. Grade C is referred to as a very strong intensity area )Tj
T*
(that can expect substantial damage from an earthquake. This )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(20 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
549 0 obj 3375
endobj
550 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(information corresponds to intensity readings greater than 6.0 on )Tj
0 -1.2 TD
(the Richter scale. These buildings have three stories. There is )Tj
T*
(an underground parking garage below 123 Main Street. )Tj
T*
( )Tj
T*
(The State Supply Warehouse building is located in a grade D )Tj
T*
(intensity area. Grade D is also referred to as a strong )Tj
T*
(intensified area that can expect some damage from an earthquake. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.3-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The risk of earthquake damage to the Office of Employment Security \
)Tj
T*
(Capitaltown facilities and their contents should be accounted for )Tj
T*
(in a contingency plan. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(Q\)\(4\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In the event of a disaster or disruption, the computer facility )Tj
T*
(and the backup facility must have the capability to function )Tj
T*
(normally with minimal delay or lost processing time. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In the Capitaltown area, the probability of an earthquake )Tj
T*
(occurring is high. A contingency plan should be drafted to ensure \
)Tj
T*
(continuity of operations for the Office of Employment Security )Tj
T*
(headquarters offices. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The annual frequency estimate for an earthquake larger than 6.0 )Tj
T*
(on the Richter Scale is .02. This translates into a probability )Tj
0 -1.20001 TD
(of occurrence of two in one hundred years. The AFE would be lower \
)Tj
0 -1.2 TD
(except for the fact that there has been no serious earthquake )Tj
T*
(activity in the area in recent times and current research )Tj
T*
(indicates that the longer the period of inactivity along a fault )Tj
T*
(line, the higher the probability of a strong earthquake. )Tj
T*
( )Tj
T*
(An earthquake of magnitude 6.0 or greater would cause major )Tj
T*
(disruption to Office of Employment Security operations. Without a \
)Tj
T*
(contingency plan, it is estimated that operations would be halted )Tj
T*
(for approximately four weeks. Time would be needed for getting )Tj
T*
(additional office space, moving in, and starting up operations. )Tj
T*
( )Tj
T*
(Once operations were resumed, the Office of Employment Security )Tj
T*
(would have to pay overtime to many production employees to make up \
)Tj
T*
(for lost time. Because the Threeville data center can continue to \
)Tj
T*
(accumulate Unemployment Insurance Bureau transactions while the )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(21 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
551 0 obj 3074
endobj
552 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(central computer in Capitaltown is disabled, DDE operations would )Tj
0 -1.2 TD
(not be affected. The overtime would apply to approximately 170 )Tj
T*
(non-DDE processors at HQ and in the field offices. )Tj
T*
( )Tj
T*
(The cost of overtime would be 4 wks x 40 hrs/wk x $6/hr x 170 )Tj
T*
(staff x 1.5 overtime x 1.25 overhead = $310K. )Tj
T*
( )Tj
T*
(The ALE is then .02 x $310K = $6.2K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to draft and implement a contingency )Tj
T*
(plan which will allow SOES to move to emergency office space and )Tj
T*
(restart operations within one week of a major disaster. )Tj
T*
( )Tj
T*
(This will reduce the ALE by 75% to $1.6K. )Tj
T*
( )Tj
T*
(The cost of developing a contingency plan will be determined on )Tj
T*
(the basis of the total ALE reduction it will generate. For 5 )Tj
T*
(years, this reduction is $6.2K x 3.79 - $1.6K x 3.79 = $17K. This \
)Tj
T*
(is compared with a one-time cost of $10K to develop the plan )Tj
T*
(and an annual testing and updating expense of $1.5K. The total 5- )Tj
T*
(year cost would be 3.79 x $1.5K + $10K = $16K. )Tj
T*
( )Tj
T*
(The 5-year savings is then $17K - $16K = $1K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.2 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Prepare a detailed contingency plan for SOES's Capitaltown )Tj
T*
(facilities. )Tj
T*
( )Tj
/T1_3 1 Tf
0 -1.20001 TD
(FOURVILLE AND TWOVILLE)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(The Fourville field office is located in a single story structure )Tj
0 -1.20001 TD
(which is also occupied by a restaurant and a real estate agency. )Tj
0 -1.2 TD
( )Tj
T*
(The Twoville field office occupies one third of the space in a )Tj
T*
(converted warehouse. It is a brick-faced, wood frame building )Tj
T*
(with dropped ceilings. One third of the building is vacant and )Tj
T*
(the other one third is occupied by a reputable restaurant. )Tj
T*
( )Tj
T*
(Both the Fourville and Twoville field offices are located in areas \
)Tj
T*
(designated as zone 3. Zone definitions are taken from the )Tj
T*
(Deterministic Seismic Hazard Map of the U.S. after Algermissen. )Tj
T*
(In this vicinity, there is no history of earthquakes of a high )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(22 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
553 0 obj 3258
endobj
554 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(enough magnitude to inflict significant damage. Between 1900 and )Tj
0 -1.2 TD
(1974 there were no earthquakes of intensity greater than 5.7 on )Tj
T*
(the Richter Scale. )Tj
T*
( )Tj
T*
(The Fourville and Twoville field offices are located in a )Tj
T*
(relatively safe valley area in which the soil is made up of sand )Tj
T*
(and gravel. In conclusion, if an earthquake were to occur in this \
)Tj
T*
(area, it would result in little or no damage to SOES facilities, )Tj
T*
(and therefore is of minimal concern. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(THREEVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The soil in the Threeville area is made up of loosely filled )Tj
T*
(coarse grain earth. If an earthquake greater than 6.0 on the )Tj
T*
(Richter Scale were to occur for more than one minute \(continuous )Tj
T*
(shaking\), the ground water would liquefy the pore spaces and )Tj
T*
(destroy the soil structure. This would cause the soil to )Tj
T*
(essentially become quicksand and parts of the building could )Tj
T*
(collapse. The Tectonic fault is approximately one mile east of )Tj
T*
(Threeville. The fault extends from Narrow Creek southward into )Tj
T*
(Lakeside County. Most of the known activity of the Tectonic fault \
)Tj
T*
(is further south away from the city of Threeville. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 2.3-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville field office building could collapse during an )Tj
T*
(earthquake. )Tj
T*
( )Tj
/T1_3 1 Tf
0 -1.20001 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Because the terrain around the city of Threeville is made up of )Tj
0 -1.20001 TD
(loosely filled coarse grain earth, the SOES field office building )Tj
0 -1.2 TD
(could collapse during an earthquake. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The AFE for an earthquake of magnitude 6.0 or greater at )Tj
T*
(Threeville has been set at .01. In the absence of a contingency )Tj
T*
(plan, such an earthquake would halt Threeville field office )Tj
T*
(operations for the 4 weeks it would take to locate emergency )Tj
T*
(space, move in and reconfigure all ADP and communications )Tj
T*
(equipment. )Tj
T*
( )Tj
T*
(Claims processing activities at HQ, Fourville and Twoville would )Tj
T*
(also be affected because these activities require that the )Tj
T*
(Threeville Data Center be in operation. The ALE will be the )Tj
T*
(dollar equivalent of 4 weeks' overtime for about 300 claims )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(23 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
555 0 obj 3069
endobj
556 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(processing personnel plus the cost of office furniture and )Tj
0 -1.2 TD
(supplies for the Threeville staff \($64K from Finding 2.2-1\) plus )Tj
T*
(the cost of the remaining 3 years lease obligation for ADP )Tj
T*
(equipment at Threeville \($643K from Finding 2.2-1\). )Tj
T*
( )Tj
T*
(The overtime cost is 4 wks x 40 hrs/wk x $6/hr x 1.5 overtime x )Tj
T*
(1.25 overhead x 300 staff = $540K. )Tj
T*
( )Tj
T*
(The total ALE is then .01 x \($540K + $64K + $643K\) = $12K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is a contingency plan which will allow the \
)Tj
T*
(Threeville field office to reestablish itself in new space within )Tj
T*
(one week of a disaster. )Tj
T*
( )Tj
T*
(The savings \(not including the cost of contingency plan )Tj
T*
(development\) will be 75% of that portion of the ALE which is due )Tj
T*
(to overtime costs or .75 x .01 x $540K = $4.1K. )Tj
T*
( )Tj
T*
(The residual ALE after the safeguard is then $12K - $4.1K = $7.9K. )Tj
T*
( )Tj
T*
(The cost of the contingency plan development is determined after )Tj
T*
(all ALE reductions brought about by that safeguard have been )Tj
T*
(calculated. This is done on the multiple effects worksheets of )Tj
T*
(Appendix C. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.3 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(prepare a formal contingency plan for the Threeville field office. \
)Tj
0 -1.20001 TD
( )Tj
/T1_3 1 Tf
0 -1.2 TD
(2.4 TORNADOES)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
0 -1.20001 TD
(HEADQUARTERS, FOURVILLE AND TWOVILLE)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(It has been determined by the examination of various maps that )Tj
T*
(there was one occurrence of a tornado in both of the one degree )Tj
T*
(square areas surrounding the Office of Employment Security )Tj
T*
(Capitaltown headquarters offices and the Fourville and Twoville )Tj
T*
(field offices over a thirteen year period. Each one degree square \
)Tj
T*
(encompasses approximately forty-nine hundred square miles. )Tj
T*
( )Tj
T*
(The annual frequency estimate is then derived by dividing the )Tj
T*
(number of square miles in the one degree square area \(4900\) into \
)Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(24 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
557 0 obj 3110
endobj
558 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(the approximate number of tornadoes occurring in that area in any )Tj
0 -1.2 TD
(one year \(1/13\). The resultant annual frequency estimate for )Tj
T*
(tornadoes which specifically impact the Office of Employment )Tj
T*
(Security headquarters facilities and the Twoville and Fourville )Tj
T*
(field offices is calculated to be \(1/13\)/4900 which is equal to )Tj
T*
(.00002. )Tj
T*
( )Tj
T*
(The AFE is so small that the risk of loss due to tornadoes is )Tj
T*
(negligible. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(THREEVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(It has been determined from various maps that there were four )Tj
T*
(tornadoes in the one degree square area surrounding the Threeville \
)Tj
T*
(field office during a thirteen year period. This one degree )Tj
T*
(square encompasses approximately forty-nine hundred square miles. )Tj
T*
( )Tj
T*
(The annual frequency estimate is then derived by dividing the )Tj
T*
(number of square miles in a one degree square area \(4900\) into the \
)Tj
T*
(approximate number of tornadoes occurring in that area in any one )Tj
T*
(year \(4/13\). The resultant annual frequency estimate for )Tj
T*
(tornadoes which specifically impact the Office of Unemployment )Tj
T*
(Security's Threeville field office is calculated as \(4/13\)/4900 )Tj
T*
(which is equal to .00006. )Tj
T*
( )Tj
T*
(This AFE is so small that the risk of a serious loss is )Tj
T*
(negligible. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(2.5 POWER OUTAGES)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Although there are approximately two or three power outages per )Tj
0 -1.20001 TD
(year in all SOES facilities, there is no significant impact on )Tj
0 -1.2 TD
(processing because there is no overtime associated with downtime )Tj
T*
(up to two hours and none of the outages have lasted that long. )Tj
T*
( )Tj
T*
(There is no significant risk of loss due to power outages. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(2.6 A/C OR HEATING FAILURE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There have been no cases of State Office of Employment Security )Tj
T*
(employees being sent home because of the lack of air conditioning )Tj
T*
(or heat. )Tj
T*
( )Tj
T*
(A preventive maintenance program is being followed to minimize the \
)Tj
T*
(possibility of a breakdown in the electrical and mechanical )Tj
T*
(systems. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(25 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
559 0 obj 3047
endobj
560 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(There is an air conditioning service on call to handle any )Tj
0 -1.2 TD
(breakdown twenty-four hours a day, seven days a week. )Tj
T*
( )Tj
T*
(The existence of a preventive maintenance program and the )Tj
T*
(availability of the on-call air conditioning service makes the )Tj
T*
(risk negligible. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(2.7 THEFT/ROBBERY/UNAUTHORIZED ACCESS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(HEADQUARTERS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Due to the location of the Office of Employment Security )Tj
T*
(headquarters buildings in an area containing some popular tourist )Tj
T*
(attractions, the potential for unauthorized access is greatly )Tj
T*
(increased. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 2.7-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Headquarters offices are susceptible to unauthorized access. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(7\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(During normal working hours, access to the Unemployment Insurance )Tj
T*
(Bureau claims work area is generally to be restricted to Bureau )Tj
T*
(employees. The presence of all visitors is to be controlled. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(When we passed the loading dock guard station at 123 Main Street )Tj
T*
(on various occasions, the guard was absent. On further inspection \
)Tj
T*
(we observed the guard standing near 1st Street, which is located )Tj
T*
(one-half block down the street from the loading dock. )Tj
0 -1.20001 TD
( )Tj
/T1_3 1 Tf
0 -1.2 TD
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(We feel that 123 Main Street is susceptible to unauthorized entry )Tj
0 -1.2 TD
(through the loading dock door due to inadequate monitoring by the )Tj
T*
(guard force. )Tj
T*
( )Tj
T*
(Losses to SOES could occur by theft, fraud or vandalism. Blank )Tj
T*
(checks as well as signed checks ready for mailing are stored in )Tj
T*
(rooms whose walls do not extend to the true ceiling. CRT )Tj
T*
(terminals which can access restricted files such as the Master )Tj
T*
(Employer File are located in the building. Office spaces for )Tj
T*
(Unemployment Insurance Bureau management personnel are also )Tj
T*
(located in the building and could be vandalized. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(26 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
561 0 obj 3042
endobj
562 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(The risk of fraud and abuse through manipulation of computerized )Tj
T*
(Unemployment Insurance Bureau data is evaluated in Findings )Tj
T*
(3.2.1.1.2-1 and 3.3-1. The risk of theft is treated in Finding )Tj
T*
(3.5.1-1. )Tj
T*
( )Tj
T*
(In this finding we will account for the threat of vandalism and )Tj
T*
(other destructive acts. Although intruders could probably gain )Tj
T*
(access to the headquarters buildings with little difficulty, there \
)Tj
T*
(are in fact no cases of vandalism on record. For that reason we )Tj
T*
(select an AFE of 1 from the low end of the scale. )Tj
T*
( )Tj
T*
(The loss potential, considering only Unemployment Insurance Bureau \
)Tj
T*
(assets, is set at $100K. This includes losses due not only to the \
)Tj
T*
(physical destruction of tangible assets but also to the damage )Tj
T*
(done to paper records and data contained on other physical media. )Tj
T*
( )Tj
T*
(The ALE is $100K x 1 = $100K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to enforce existing guard procedures )Tj
T*
(more strictly. The cost should not exceed 1 hour per day of staff \
)Tj
T*
(time by a guard supervisor at a salary level of $18K per year )Tj
T*
(including overhead. This amounts to \(1/8\) x $18K/yr = $2.3K per \
)Tj
T*
(year. )Tj
T*
( )Tj
T*
(The ALE would be reduced by 95% to $5K. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The savings will be \($100K - $5K\) - $2.3K = $93K. )Tj
T*
( )Tj
0 -1.20001 TD
(See the risk analysis worksheets in Section B.4 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Monitor the performance of the guard force and demand compliance )Tj
T*
(with established procedures. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.7-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The wearing of badges at 456 Main Street is not enforced. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(7\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(During normal working hours, access to Unemployment Insurance )Tj
T*
(Bureau Claims work areas is generally to be restricted to Bureau )Tj
T*
(employees. The presence of all visitors is to be controlled. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(27 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
563 0 obj 2909
endobj
564 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Employees at 456 Main Street do not all wear their SOES badges. )Tj
T*
(Unescorted visitors could pocket their badges and be taken for )Tj
T*
(employees. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Because badges are not generally worn, an intruder or a bona fide )Tj
T*
(visitor could masquerade as a SOES employee and move freely )Tj
T*
(through the building. The fact that the upper floors are not )Tj
T*
(currently occupied would allow such a person to hide until after )Tj
T*
(normal business hours. He could then commit destructive acts or )Tj
T*
(steal assets such as benefit checks or office equipment and depart \
)Tj
T*
(undetected. )Tj
T*
( )Tj
T*
(This problem is closely related to Finding 3.11.2-1. The risk )Tj
T*
(analysis is not repeated here because we feel that this would tend \
)Tj
T*
(to make a single access control problem with several facets appear \
)Tj
T*
(to be a number of independent problems. In addition it would )Tj
T*
(unreasonably inflate the loss expectancy. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Enforce the wearing of badges at 456 Main Street. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(999 BACK STREET)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The State Supply Warehouse is surrounded by streets on three sides \
)Tj
T*
(and a parking lot on the fourth side. The walls are sheer from )Tj
0 -1.20001 TD
(the ground to the rooftop level above the fourth floor. A fire )Tj
0 -1.2 TD
(escape ladder extends from the roof to ground level. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.7-3:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The State Supply Warehouse is susceptible to unauthorized access. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(28 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
565 0 obj 3162
endobj
566 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The State Supply Warehouse building has a guard at the front )Tj
T*
(entrance who checks the ID of persons entering. If an intruder )Tj
T*
(wanted to gain access to the warehouse, he could go to the side of \
)Tj
T*
(the building and climb up the fire escape ladder to the roof. )Tj
T*
(Once on the roof, the intruder could enter the warehouse by )Tj
T*
(breaking the skylight window. )Tj
T*
( )Tj
T*
(We also discovered that the motor for the elevator is housed in a )Tj
T*
(structure on top of the roof. The elevator motor is protected by )Tj
T*
(an easily breached wire mesh screen. An intruder could easily )Tj
T*
(bypass the screen and gain entry to the warehouse by climbing down \
)Tj
T*
(the elevator shaft and out onto one of the floors. )Tj
T*
( )Tj
T*
(By entering the third floor, the intruder could set the record )Tj
T*
(storage area on fire, destroying the Unemployment Insurance Bureau \
)Tj
T*
(records and possibly causing damage to the warehouse building. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no good reason why individuals would want to enter or )Tj
T*
(vandalize the warehouse facility except for retaliatory purposes )Tj
T*
(against the Office of Employment Security organization. This is )Tj
T*
(because of the minimal amount of valuable assets contained in the )Tj
T*
(building and because there are many other warehouse facilities in )Tj
T*
(the same area which could also be looted or damaged. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(In conclusion, there would be little motivation for breaking into )Tj
T*
(the State Supply Warehouse and consequently the AFE for either )Tj
0 -1.20001 TD
(unauthorized access or vandalism to the facility would be very )Tj
0 -1.2 TD
(low. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FOURVILLE AND TWOVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville Field office is a single story masonry structure )Tj
T*
(occupying one-quarter of a square block. The building is also )Tj
T*
(occupied by a restaurant and real estate agency. )Tj
T*
( )Tj
T*
(A restaurant occupies one third of the building in which the )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(29 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
567 0 obj 3271
endobj
568 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(Office of Employment Security Office at Twoville is located. )Tj
0 -1.2 TD
( )Tj
T*
(Because there are other operating businesses in the immediate )Tj
T*
(vicinity of both field offices, their employees and customers move \
)Tj
T*
(about the vicinity of the offices, increasing the potential for )Tj
T*
(unauthorized access. However, the buildings are equipped with )Tj
T*
(door alarms and motion detectors which minimize the risk of )Tj
T*
(unauthorized entry during non-business hours. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(THREEVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Because other businesses occupy part of the building in which the )Tj
T*
(Office of Employment Security office is housed, their employees )Tj
T*
(and customers move about the vicinity of the office increasing the \
)Tj
T*
(potential for unauthorized access. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 2.7-4:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville Field Office is susceptible to unauthorized access. \
)Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is a gap between the top of the rear exit door and the )Tj
T*
(doorframe. A normally closed magnetically controlled switch is )Tj
T*
(attached to the doorframe within reach of the gap. A magnet is )Tj
T*
(attached to the door in such a way that when the door is closed, )Tj
T*
(the magnet touches the switch and causes it to open. If an )Tj
0 -1.20001 TD
(intruder were to open the door, the magnet would move away from )Tj
0 -1.2 TD
(the switch; the switch would then close and set off the alarm. )Tj
T*
(The intruder could place his own magnet near the switch through )Tj
0 -1.20001 TD
(the gap at the top of the door and then open the door without )Tj
0 -1.2 TD
(closing the switch and setting off the alarm. )Tj
T*
( )Tj
T*
(The photoelectric beam detectors are not adequate for protection )Tj
T*
(because no matter how the beam is adjusted, it can be bypassed )Tj
T*
(either by jumping over it or by crawling under it to gain entry )Tj
T*
(into the field office. )Tj
T*
( )Tj
T*
(After we learned that established procedures required that the )Tj
T*
(door leading from the parking lot into the training room be locked \
)Tj
T*
(to prevent unauthorized access, we checked it and discovered it to \
)Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(30 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
569 0 obj 3241
endobj
570 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(be unlocked. )Tj
0 -1.2 TD
( )Tj
T*
(The door leading from the rear parking lot into the Threeville )Tj
T*
(field office record storage area is made of a flexible metal )Tj
T*
(material which is unsturdy and therefore easily penetrable with )Tj
T*
(minimal effort. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Whereas Fourville and Twoville are relatively well protected from )Tj
T*
(unauthorized access, Threeville is vulnerable because its alarms )Tj
T*
(can all be bypassed easily and because the reception area is )Tj
T*
(poorly monitored during the early morning and the late afternoon. \
)Tj
T*
(\(See Finding 3.2.1.3-1.\) )Tj
T*
( )Tj
T*
(The lease cost for EDP equipment in the Threeville field office )Tj
T*
(was $17,866 for the month of December, 1982. If this equipment )Tj
T*
(were stolen or destroyed, SOES would be liable for these charges )Tj
T*
(for the remaining 3 years of the lease. This would amount to 36 )Tj
T*
(mos x $17,866 = $643K. )Tj
T*
( )Tj
T*
(The AFE of 5 is larger than for other sites because of the ease of \
)Tj
T*
(unauthorized access. )Tj
T*
( )Tj
T*
(The ALE is then $643K x 5 = $3.2M. This is a worst case figure )Tj
T*
(which reflects what might happen if the access control )Tj
T*
(vulnerability were discovered and exploited by a criminal and SOES \
)Tj
T*
(failed to take any corrective action. Thieves could then loot the \
)Tj
0 -1.20001 TD
(office over and over again. )Tj
0 -1.2 TD
( )Tj
T*
(Actually, SOES would implement more effective controls after the )Tj
0 -1.20001 TD
(first serious theft in order to eliminate the problem. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(A number of steps should be taken. The beam alarms should be )Tj
T*
(replaced with motion detectors. The seven soft-metal warehouse )Tj
T*
(doors, covered on the inside with sheetrock, should be removed and \
)Tj
T*
(the outside wall bricked up. The rear exit door with the gap at )Tj
T*
(the top should be replaced with a much sturdier well-fitted door. )Tj
T*
(All outside doors except the main entrance should be locked and )Tj
T*
(alarmed during the day. The main entrance door should be equipped \
)Tj
T*
(with a signaling device which would sound when the door is opened )Tj
T*
(from the outside. )Tj
T*
( )Tj
T*
(The cost of all these modifications should not exceed $20K. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(31 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
571 0 obj 2946
endobj
572 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(The ALE will be effectively reduced to $0. )Tj
0 -1.2 TD
( )Tj
T*
(The 5-year savings, based on the worst-case ALE above, will be )Tj
T*
(\($3.2M - $0\) x 3.79 - $20K = $12M. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.5 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Repair the gap in the rear exit door, replace the photoelectric )Tj
T*
(beam detectors with motion detectors, and carry out the other door )Tj
T*
(modifications listed under Suggested Safeguards above. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FOURVILLE, TWOVILLE AND THREEVILLE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 2.7-5:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The custodial service at the field offices perform their duties )Tj
T*
(after hours and are not supervised by SOES personnel. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(11\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Limit the presence of cleaning and maintenance personnel to the )Tj
T*
(period when there are some regular facility employees on duty. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Custodial services in the Fourville, Twoville and Threeville field \
)Tj
T*
(offices are performed outside of regular working hours and without \
)Tj
T*
(the supervision of Office of Employment Security personnel. )Tj
T*
( )Tj
T*
(This would not be a vulnerability if sensitive records and )Tj
T*
(valuable equipment in the building were properly protected. )Tj
T*
( )Tj
0 -1.20001 TD
(However, many sensitive files are stored in unlocked cabinets in )Tj
0 -1.2 TD
(open areas and valuable items of relatively portable equipment are \
)Tj
T*
(not secured. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(In the absence of supervision, custodial employees could easily )Tj
T*
(commit dishonest or destructive acts. Although these personnel are \
)Tj
T*
(bonded, it is usually necessary that a crime be proven in court )Tj
T*
(before the bond can be collected. In addition, there is valuable )Tj
T*
(information in the field offices which could be stolen by copying )Tj
T*
(or photography and thus never missed. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(It is unlikely that bonded custodial personnel would vandalize the \
)Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(32 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
573 0 obj 3128
endobj
574 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(field offices. It is also unlikely that they would commit )Tj
0 -1.2 TD
(obviously detectable crimes such as the theft of tangible )Tj
T*
(resources. Bonded personnel would be more apt to commit )Tj
T*
("undetectable" crimes such as copying the wage record file \(with a \
)Tj
T*
(camera, for example\). )Tj
T*
( )Tj
T*
(The loss potential, which is independent of the nature of the )Tj
T*
(threat agent, is set at $100K. )Tj
T*
( )Tj
T*
(Because of the bonding and the fact that no problems of )Tj
T*
(consequence have been associated with the custodial services, a low )Tj
T*
(AFE of .5 is chosen. )Tj
T*
( )Tj
T*
(The ALE is then $100K x .5 = $50K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Several safeguards are possible. Janitorial services could be )Tj
T*
(performed during normal business hours with a little inconvenience \
)Tj
T*
(to SOES personnel. The services could be performed at night with )Tj
T*
(a SOES supervisor present or they could be performed by SOES )Tj
T*
(employees instead of contractor personnel. )Tj
T*
( )Tj
T*
(Each of these three safeguards would result in the monitoring of )Tj
T*
(custodial personnel by SOES employees in accordance with generally \
)Tj
T*
(accepted practices. )Tj
T*
( )Tj
T*
(The cheapest of the three solutions would be to use existing )Tj
0 -1.20001 TD
(contractor personnel during normal business hours. There would be \
)Tj
0 -1.2 TD
(no additional direct cost. In fact, wage rates might be lower for \
)Tj
T*
(daytime services. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(One indirect cost would be due to brief interruptions of the )Tj
T*
(office staff by the janitors. This should not amount to more than \
)Tj
T*
(2 minutes per day per person. For 320 field office employees, )Tj
T*
(using an average salary of $6.50 per hour and 25% overhead, the )Tj
T*
(cost of 2 minutes per day lost time would be 2 min/day x 1/60 )Tj
T*
(hrs/min x 320 staff x $6.50/hr x 1.25 overhead x 5 days/wk x 52 )Tj
T*
(wks/yr = $23K. )Tj
T*
( )Tj
T*
(The ALE will be reduced by 90% to $5K. )Tj
T*
( )Tj
T*
(The savings will be \($50K - $5K\) - $23K = $22K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.6 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(33 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
575 0 obj 3356
endobj
576 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(Have the custodial services perform their duties during normal )Tj
T*
(business hours. )Tj
ET
0.5 0.5 0.5 rg
9.28961 709.72675 m
9.28961 711.58466 l
602.71039 711.58466 l
601.78143 710.65576 l
10.21857 710.65576 l
10.21857 710.6557 l
h
f
0.875 0.875 0.875 rg
602.71039 711.58466 m
602.71039 709.72675 l
9.28961 709.72675 l
10.21857 710.6557 l
601.78143 710.6557 l
601.78143 710.65576 l
h
f
0 0 0 rg
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 691.99115 Tm
( )Tj
/T1_2 1 Tf
19.98079 -2.56966 Td
(CHAPTER 3)Tj
-1.4455 -2.39999 Td
(SPECIFIC ISSUES)Tj
/T1_1 1 Tf
-18.53529 -2.54463 Td
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.1 INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This chapter is similar in format to Chapter 2. Each section )Tj
T*
(contains a )Tj
/T1_4 1 Tf
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( followed by a )Tj
T*
(series of one or more findings. For each finding there are )Tj
T*
(paragraphs entitled )Tj
/T1_4 1 Tf
(FINDING, RELATED CONTROL STANDARD, )Tj
T*
(DISCUSSION, RISK ANALYSIS, SUGGESTED SAFEGUARDS AND COST BENEFIT )Tj
T*
(ANALYSIS, and RECOMMENDATION)Tj
/T1_1 1 Tf
(. The contents of these )Tj
T*
(paragraphs are as outlined at the beginning of Chapter 2. )Tj
T*
( )Tj
T*
(The sections of this chapter are based on the organizational )Tj
T*
(structure of SOES. Each functional group, department, division, )Tj
T*
(branch and section which performs functions in support of SOES )Tj
T*
(Unemployment Insurance Bureau Operations was examined in the risk )Tj
T*
(analysis. Only those organizational elements which could have a )Tj
T*
(security or integrity related impact on Unemployment Insurance )Tj
T*
(Bureau Operations are specifically included in this chapter. )Tj
T*
( )Tj
T*
(Each group of organizational elements at one level appears after )Tj
T*
(the element at the next higher level. Thus Employer Audit Unit )Tj
T*
(and Program Integrity appear after Employer Audit and Review. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2 SOES, UNEMPLOYMENT INSURANCE BUREAU)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_4 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The SOES Unemployment Insurance Bureau Department is responsible )Tj
T*
(for all aspects of processing Unemployment Insurance Bureau )Tj
T*
(insurance claims in the state. The Department uses field offices )Tj
T*
(in Twoville, Threeville and Fourville in addition to its )Tj
T*
(headquarters staff in Capitaltown to accomplish its work. Data )Tj
T*
(processing services are provided by Turnkey Systems Inc., an )Tj
T*
(Unemployment Insurance Bureau contractor. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(34 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
577 0 obj 3056
endobj
578 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(3.2.1 UNEMPLOYMENT INSURANCE BUREAU CLAIMS )Tj
0 -1.2 TD
(OPERATIONS)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(This department is responsible for all aspects of claims )Tj
T*
(processing including direct data entry, adjustments and )Tj
T*
(overpayment processing, correspondence and telephone, cash )Tj
T*
(disposition accounting, eligibility checking of claimants and )Tj
T*
(benefit charging of employers. The work is done primarily in )Tj
T*
(field offices. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(3.2.1.1 FOURVILLE FIELD OFFICE)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville field office is currently responsible for )Tj
T*
(Adjustments and Overpayments Processing and the direct data entry )Tj
T*
(of claims involving major employers. Eventually, Fourville is to )Tj
T*
(be responsible for all aspects of claims processing. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.1.1-1:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The Wage record file is unprotected. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(19\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the secure storage of all media containing sensitive )Tj
0 -1.20001 TD
(data when it is not in use. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The Wage record file contains data on all persons in the SOES )Tj
T*
(service area who are potential Unemployment Insurance Bureau )Tj
T*
(claimants. Printed versions of portions of the file are kept in )Tj
T*
(open storage. It would be of significant commercial value to any )Tj
T*
(firm marketing products or services generally useful to )Tj
T*
(individuals in specific income brackets and is therefore subject )Tj
T*
(to misappropriation. It must be given proper protection under the \
)Tj
T*
(State Privacy Act of 1974. )Tj
T*
( )Tj
T*
(The problem exists at both the Twoville and Fourville field )Tj
T*
(offices. The numbers used in the analyses below reflect both )Tj
T*
(offices. The finding but not the analysis is repeated in Section )Tj
T*
(3.2.1.2 for cross-reference purposes. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(35 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
579 0 obj 3256
endobj
580 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(The Wage Record file is most susceptible to theft by a SOES )Tj
T*
(employee since it is stored in an area normally accessible only to \
)Tj
T*
(employees. However, the Twoville and Fourville field offices are )Tj
T*
(susceptible to unauthorized access in the early morning and late )Tj
T*
(afternoon \(see Section 2.7\). )Tj
T*
( )Tj
T*
(The known range of AFEs for theft from businesses is 1 to 50. )Tj
T*
(Considering the ease of theft in this case, as well as the fact )Tj
T*
(that there has been no previous record of thefts, we have selected \
)Tj
T*
(an AFE of 5. )Tj
T*
( )Tj
T*
(Although the Wage Record file has no intrinsic value and can )Tj
T*
(easily be replaced, there is a potential loss to SOES through a )Tj
T*
(State Privacy Act lawsuit filed by an Unemployment Insurance Bureau \
)Tj
T*
(claimant who will argue that SOES was negligent in protecting the )Tj
T*
(sensitive information entrusted to it. )Tj
T*
( )Tj
T*
(A study of known State Privacy Act cases shows that the likelihood \
)Tj
T*
(of a lawsuit is .0001 to .01 per year. Because of the ease of the \
)Tj
T*
(theft and the large volume of privacy data involved and because of \
)Tj
T*
(the fact that SOES has had no previous lawsuits of this nature, we \
)Tj
T*
(have selected an AFE of .001, in the middle of the range. The )Tj
T*
(cost to SOES might be as much as $20K for legal fees and $100K in )Tj
T*
(compensatory and punitive awards. )Tj
T*
( )Tj
T*
(The ALE is then $120K x 5 x .001 = $600 )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to control access to the Wage record )Tj
T*
(file during the day and store it in a locked filing cabinet at )Tj
0 -1.20001 TD
(other times. )Tj
0 -1.2 TD
( )Tj
T*
(The cost of this safeguard is estimated to be 15 minutes of staff )Tj
0 -1.20001 TD
(time per day or 52 x 5 x 1/4 = 65 hours per year. Using the wage )Tj
0 -1.2 TD
(rate for a general clerk of $4.75 per hour and an overhead rate of \
)Tj
T*
(25%, the total cost per year would be 65 hours x $4.75 per hour x )Tj
T*
(1.25 = $390. )Tj
T*
( )Tj
T*
(The safeguard would be expected to reduce the ALE by 90% to $60. )Tj
T*
( )Tj
T*
(The expected yearly savings would then be equal to the ALE )Tj
T*
(reduction minus the safeguard cost or \($600 - $60\) - $390 = $150. \
)Tj
T*
( )Tj
T*
(See the risk analysis worksheets in section B.7 of Appendix B. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(36 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
581 0 obj 3259
endobj
582 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide secure storage for the Wage Record file at the Twoville )Tj
T*
(and Fourville field offices. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.1-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The outside entrance to the Fourville field office is unmonitored )Tj
T*
(during the early morning and late afternoon hours. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(2\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Control must also be maintained in other Unemployment Insurance )Tj
T*
(Bureau work areas over the presence of visitors, and the presence )Tj
T*
(of employees after normal working hours. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The reception area of the Fourville field office is separated from \
)Tj
T*
(the main work areas. Due to flextime work schedules, this area is \
)Tj
T*
(sometimes unstaffed during the early morning and late afternoon. )Tj
T*
(It would be simple for a person to walk in and conceal himself or )Tj
T*
(to steal a typewriter or other item of equipment from the )Tj
T*
(reception area during these times. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(It would be a relatively simple matter for a person to slip into )Tj
0 -1.2 TD
(the reception area unobserved and conceal himself until the SOES )Tj
T*
(staff departed. The person could then disable the door open )Tj
0 -1.20001 TD
(sensors attached to the burglar alarm and remove a large quantity )Tj
0 -1.2 TD
(of expensive office equipment. The monthly lease cost of this )Tj
T*
(equipment which includes approximately 82 CRTs, 60 MDTs, a line )Tj
T*
(printer, a micrographics printer, 2 microfiche readers, and 2 16mm \
)Tj
T*
(printers is about $10K. )Tj
T*
( )Tj
T*
(The range of AFEs for theft \(from Finding 3.2.1.1-1\) )Tj
T*
(is 1 to 50. Because we are now considering the theft of )Tj
T*
(bulky equipment which would require some time to move and truck to \
)Tj
T*
(haul away, we will choose an AFE well below the top of the range. \
)Tj
T*
(Because of the ease of initial access to the facility, the AFE )Tj
T*
(must be above the bottom of the range. However, the need to )Tj
T*
(bypass the motion detectors which operate during non-business hours )Tj
T*
(complicates the situation and tends to hold the AFE close to the )Tj
T*
(bottom of the range. We thus select an AFE of 2. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(37 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
583 0 obj 2986
endobj
584 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(If the leased ADP equipment were stolen or damaged, SOES would be )Tj
0 -1.2 TD
(responsible for the payments for the remainder of the lease )Tj
T*
(period. This would be approximately 3 years and would amount to )Tj
T*
($360K. )Tj
T*
( )Tj
T*
(The ALE is then $360K x 2 = $720K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is either to ensure continuous staffing of \
)Tj
T*
(the reception area or to install a signaling device which will )Tj
T*
(sound when the entrance door is opened from the outside. )Tj
T*
( )Tj
T*
(Continuous staffing of the reception area is estimated to cost at )Tj
T*
(least one additional hour of staff time per day. Using the wage )Tj
T*
(rate for a general clerk of $4.75 per hour and the overhead rate )Tj
T*
(of 25% this would be 52 wks x 5 days/wk x 1 hr/day x $4.75/hour x )Tj
T*
(1.25 = $1,550 per year. )Tj
T*
( )Tj
T*
(The cost of installing a signaling device on the entrance door )Tj
T*
(would be a one-time charge of not more than $300. This is clearly \
)Tj
T*
(the more cost-effective safeguard. )Tj
T*
( )Tj
T*
(The ALE would be reduced to $0 by this safeguard. )Tj
T*
( )Tj
T*
(The savings to be expected over the standard 5-year amortization )Tj
T*
(period is then 3.79 x \($720K - $0\) - $300 = $2.7M. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.8 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Ensure that the reception area is staffed at all times when the )Tj
0 -1.2 TD
(main entrance door is unlocked. Alternatively, install a bell or )Tj
T*
(other signaling device which will sound when the door is opened )Tj
0 -1.20001 TD
(from the outside. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(3.2.1.1.1. EMPLOYER'S CHARGE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The determination of charges to employers is carried out by this )Tj
T*
(unit. This unit also verifies the correctness of wage records in )Tj
T*
(disputed cases. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(38 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
585 0 obj 3065
endobj
586 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(unit. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(3.2.1.1.2 ADJUSTMENTS AND OVERPAYMENTS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Fourville field office currently performs all adjustments and )Tj
T*
(overpayments processing. This is done by three units operating )Tj
T*
(under a general supervisor. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.1.1.2-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(It is possible for an Adjustments and Overpayments processor to )Tj
T*
(reactivate and pay a claim or to make an adjustment to a claim in )Tj
T*
(a fraudulent manner. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(It is the function of the adjustments and overpayments processors )Tj
T*
(to make decisions to pay or deny claims in situations where human )Tj
T*
(evaluation of the circumstances is required. Although the )Tj
T*
(processors are relied upon to apply very detailed guidelines in )Tj
0 -1.20001 TD
(carrying out this function, they could easily abuse their )Tj
0 -1.2 TD
(authority and handle some claims in a fraudulent manner. The odds \
)Tj
T*
(of being caught in a quality control audit would be non-zero but )Tj
0 -1.20001 TD
(small. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Although there has been no history of violation of trust by SOES )Tj
T*
(employees in the field offices, this is at least partially due to )Tj
T*
(the impossibility of carrying out a second party review of all )Tj
T*
(claims processing actions. )Tj
T*
( )Tj
T*
(The range of AFEs for fraud and abuse nationally is .006 to .09. )Tj
T*
( )Tj
T*
(There are approximately 10K adjustment/overpayment actions per day \
)Tj
T*
(or 10K x 5 x 52 = 2.6M per year. The standard for suspense )Tj
T*
(processing is between 61 and 69 claims per hour depending on the )Tj
T*
(location. Using 65 as an average, about 16 processors are )Tj
T*
(required to handle the workload. These processors are normally )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(39 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
587 0 obj 3110
endobj
588 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(audited at the rate of 50 to 100 claims per month or an average of \
)Tj
0 -1.2 TD
(75 x 12 = 900 per year. )Tj
T*
( )Tj
T*
(The likelihood of a single fraudulently processed claim being )Tj
T*
(audited is thus about \(900 x 16\) / 2.6M = 14.4K / 2.6M = .006. )Tj
T*
(This means that a processor would risk only 6 chances in 1,000 of )Tj
T*
(having a fraudulent claim reviewed by a second party. )Tj
T*
( )Tj
T*
(Because of the low risk involved, we select the AFE to be the top )Tj
T*
(of the range or .09. )Tj
T*
( )Tj
T*
(FBI statistics indicate that the average computer crime nets )Tj
T*
($500,000 for the perpetrator. This figure seems high for the )Tj
T*
(present situation and a large number of fraudulent transactions )Tj
T*
(would be required to reach it. A loss of $100K per year would be )Tj
T*
(a more reasonable upper bound on the amount that could be diverted \
)Tj
T*
(through fraudulent adjustments/overpayments processing. )Tj
T*
( )Tj
T*
(The ALE is then $100K x .09 = $9K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to apply the principle of separation of \
)Tj
T*
(duties. In order to convert Unemployment Insurance Bureau funds )Tj
T*
(to their own use, processors would have to change the payee )Tj
T*
(address associated with the claim. Such actions should be )Tj
T*
(isolated as privileged transactions and assigned to special )Tj
T*
(processors who are not authorized to carry out other types of )Tj
T*
(transactions. )Tj
T*
( )Tj
T*
(This safeguard would cost about 3 staff-months for procedure )Tj
T*
(redesign and another 3 staff-months for modifications to CUIS. We \
)Tj
0 -1.20001 TD
(use an annual salary of $30K and 100% overhead for programming )Tj
0 -1.2 TD
(modifications and a grade 34 salary plus 25% overhead for )Tj
T*
(procedure redesign. This amounts to \(1/4 x $23,678 x 1.25\) + \(1/4 \
)Tj
0 -1.20001 TD
(x $30K x 2.0\) = $22K. )Tj
0 -1.2 TD
( )Tj
T*
(The ALE reduction would be about 90% yielding a reduced ALE of )Tj
T*
($900. )Tj
T*
( )Tj
T*
(The savings would be \($9K - $900\) x 3.79 - $22K = $9K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.9 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(40 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
589 0 obj 2900
endobj
590 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Apply separation of duties between adjustments and overpayments )Tj
0 -1.2 TD
(processing and other aspects of claims processing. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.1.3 ADJUDICATION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This unit is responsible for ensuring that Unemployment Insurance )Tj
T*
(Bureau claimants are eligible and that employers are properly )Tj
T*
(registered within the Unemployment Insurance Bureau program. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.1.4 CLERICAL SUPPORT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This unit provides administrative support to the Fourville field )Tj
T*
(office as well as support services for the Unemployment Insurance )Tj
T*
(Bureau claims processing operation. This includes management of )Tj
T*
(general office services such as copiers, vending machines, )Tj
T*
(janitorial services, etc.; management of paper and microfilm )Tj
T*
(records; and supervision of employee time and performance )Tj
T*
(accounting. )Tj
T*
( )Tj
T*
(We found no problem with the practices and procedures of this )Tj
T*
(unit. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(3.2.1.1.5 AUDITING/TRAINING)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
0 -1.20001 TD
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(This unit is responsible for the quality control auditing of )Tj
T*
(claims processors as well as the functional training of newly )Tj
T*
(hired claims processors. The unit reports directly to the field )Tj
T*
(office manager. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.1.6 TSI SUPPORT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(TSI provides a trainee systems analyst at each Unemployment )Tj
T*
(Insurance Bureau field office to support claims processors when )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(41 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
591 0 obj 2750
endobj
592 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(software problems or local hardware problems arise. )Tj
0 -1.2 TD
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(analyst. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.1.7 PERSONNEL)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This unit, currently consisting of one person, provides all )Tj
T*
(personnel services for the Twoville and Fourville field offices. )Tj
T*
(The unit reports to Personnel at SOES HQ in Capitaltown. Roughly )Tj
T*
(half of the time is spent at Fourville and half at Twoville. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2 TWOVILLE FIELD OFFICE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This field office is responsible for correspondence processing, )Tj
T*
(cash disposition accounting, telephone inquiries and direct data )Tj
T*
(entry of claims. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.1.2-1 )Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Wage record file is unprotected. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(19\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the secure storage of all media containing sensitive )Tj
T*
(data when it is not in use. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(This problem is discussed under Finding 3.2.1.1-1. The numbers )Tj
T*
(used in the Risk Analysis and Cost-Benefit Analysis paragraphs of )Tj
0 -1.20001 TD
(that finding cover both the Twoville and the Fourville field )Tj
0 -1.2 TD
(offices. Consequently, these paragraphs are omitted here. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide secure storage for the Wage Record file at the Twoville )Tj
T*
(and Fourville field offices. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.1.2-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Outside doors to the Twoville field office \(other than the main )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(42 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
593 0 obj 3014
endobj
594 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(entrance are unalarmed during business hours. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(2\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Control must also be maintained in other Unemployment Insurance )Tj
T*
(Bureau work areas over the presence of employees after normal )Tj
T*
(working hours. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Although there is a policy that doors other than the main entrance \
)Tj
T*
(door not be used by employees exiting the building, there is no )Tj
T*
(practical means of enforcing the policy. )Tj
T*
( )Tj
T*
(Because these doors can be used during the day, there is a )Tj
T*
(possibility that they will not be closed properly and that )Tj
T*
(unauthorized access to the facility will be made easier. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Although these unalarmed doors represent a security deficiency, it \
)Tj
T*
(would not be a straightforward matter to take advantage of the )Tj
T*
(situation. It would be possible for a person to wait for an )Tj
T*
(opportunity to gain access through these doors, but the time )Tj
T*
(required and the uncertainty of success would reduce the AFE to )Tj
T*
(the lower end of the scale. )Tj
T*
( )Tj
T*
(The range of AFEs for theft and unauthorized access is 1 to 50. )Tj
0 -1.20001 TD
(Consequently we choose 1 as the AFE. )Tj
0 -1.2 TD
( )Tj
T*
(There are approximately 118 CRTs and 60 MDTs in the Twoville field \
)Tj
0 -1.20001 TD
(office with a lease cost of about $14K per month or $170K per )Tj
0 -1.2 TD
(year. )Tj
T*
( )Tj
T*
(With 3 years of lease payments remaining, the ALE for theft of )Tj
T*
(this equipment is then 3 x $170K x 1 = $510K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to install deadbolt locks on the doors )Tj
T*
(in question and issue keys to the employees who have an official )Tj
T*
(need for them. )Tj
T*
( )Tj
T*
(This safeguard would have a one-time cost of not more than $300 )Tj
T*
(and would reduce the ALE by 100% from $510K to $0. )Tj
T*
( )Tj
T*
(The savings would be 3.79 x \($510K - $0\) - $300 = $1.9M. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(43 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
595 0 obj 2874
endobj
596 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.10 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Install deadbolt locks on all but the main entrance door. Issue )Tj
T*
(keys to those who must use the doors in the conduct of their )Tj
T*
(official duties. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2-3:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Dry chemical fire extinguishers are provided for work areas in )Tj
T*
(which CRT terminals are located. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137 J\(1\)\(C\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Avoid the use of carbon dioxide area extinguishing systems since )Tj
T*
(they present a significant safety hazard. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Dry chemical fire extinguishing agents will damage electronic )Tj
T*
(circuitry beyond repair. Other agents such as halon are equally )Tj
T*
(effective fire suppressants but will not cause any damage to )Tj
T*
(circuitry. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Use of dry chemical extinguishers would be detrimental only in )Tj
T*
(those fire situations in which electronic equipment would be saved \
)Tj
T*
(if non-destructive extinguishing agents were used. This would )Tj
T*
(include only small area fires detected soon after starting and )Tj
0 -1.20001 TD
(would involve at most 4 to 6 CRTs. )Tj
0 -1.2 TD
( )Tj
T*
(The AFE for a small fire occurring during business hours is .1. )Tj
0 -1.20001 TD
(This number results from data collected by State fire inspection )Tj
0 -1.2 TD
(authorities and from national data. )Tj
T*
( )Tj
T*
(The lease cost of 6 CRTs is about $750 per month or $27K for the 3 \
)Tj
T*
(years remaining in the agreement. This value would be totally )Tj
T*
(lost if the CRTs were sprayed with dry chemicals. There would be )Tj
T*
(no loss if halon were used. )Tj
T*
( )Tj
T*
(The ALE is thus $27K x .1 = $2.7K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(44 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
597 0 obj 3101
endobj
598 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(Replace the dry chemical extinguishers with halon extinguishers. )Tj
T*
(The cost will be about $200 each. Six extinguishers would then )Tj
T*
(cost $1,200. )Tj
T*
( )Tj
T*
(The ALE reduction would be 100%. The 5-year savings would then be \
)Tj
T*
(the amortized value of the 5-year loss reduction less the one-time \
)Tj
T*
(cost of the safeguard or 3.79 x $2.7K - $1,200 = $9K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.11 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Replace the dry chemical extinguishers with halon extinguishers. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2-4:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Documents describing restricted access software are not given )Tj
T*
(special protection in the Twoville field office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the organization. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(The same documents which are kept under lock and key in the )Tj
0 -1.2 TD
(Fourville field office are not similarly protected in the Twoville \
)Tj
T*
(field office. This reflects a lack of central control over )Tj
0 -1.20001 TD
(security procedures. It also represents a failure to restrict )Tj
0 -1.2 TD
(information which would give unauthorized persons the ability to )Tj
T*
(access restricted software and data. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The effect of this finding is to make it easier for unauthorized )Tj
T*
(persons to access restricted software. This software includes )Tj
T*
(WRK-PLN and PERF-MON which are not directly concerned with claims )Tj
T*
(processing but rather with workload planning and employee )Tj
T*
(performance. Unauthorized access would not result in an illegal )Tj
T*
(diversion of funds. It would possibly lead to intra-office )Tj
T*
(rivalries and ill feelings which would decrease the efficiency of )Tj
T*
(the staff. )Tj
T*
( )Tj
T*
(Using an average salary rate for claims processors of $5.50 per )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(45 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
599 0 obj 3006
endobj
600 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(hour, an overhead rate of 25% and a staff size of 105, the annual )Tj
0 -1.2 TD
(claims processing staff cost is 105 staff x 1.25 overhead x 52 )Tj
T*
(wks/yr x 5 days/wk x 8 hrs/day x $5.50/hr = $1.5M. )Tj
T*
( )Tj
T*
(A cut in efficiency of only 5% due to staff infighting would then )Tj
T*
(result in a loss of $1.5M x .05 = $75K per year, the ALE. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide proper protection for documents describing restricted )Tj
T*
(software. Although protecting the software by means of passwords )Tj
T*
(or user security profiles would be a more effective solution, it )Tj
T*
(would also be more costly. )Tj
T*
( )Tj
T*
(The existing documents should be stored in locked desks or )Tj
T*
(cabinets until it becomes cost-effective to implement password or )Tj
T*
(user profile protection. )Tj
T*
( )Tj
T*
(The cost of establishing and enforcing secure storage procedures )Tj
T*
(should not exceed 15 minutes per day of supervisor time. )Tj
T*
( )Tj
T*
(This would amount to 1/4 hr/day x 52 wks/yr x 5 days/wk x 1.25 )Tj
T*
(overhead x $7.35/hr = $600 per year. )Tj
T*
( )Tj
T*
(This safeguard should reduce the ALE to $0 because the target of )Tj
T*
(the threat is not sufficiently attractive for anyone to use much )Tj
T*
(effort in gaining access to it. )Tj
T*
( )Tj
T*
(The savings would then be \($75K - $0\) - $600 = $74K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.12 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Access to restricted software should be controlled through )Tj
0 -1.20001 TD
(passwords or user security profiles, not through the secrecy of )Tj
0 -1.2 TD
(operating procedures. In the present situation, the restricted )Tj
T*
(documents should be stored in locked desks or cabinets. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.2.1 DATA ENTRY)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The data entry function is organized into three operating units )Tj
T*
(and one auditing unit, all reporting to a general supervisor. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(46 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
601 0 obj 3222
endobj
602 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(We found no problems with the practices and procedures of the data \
)Tj
0 -1.2 TD
(entry units. Findings related to the auditing unit are discussed )Tj
T*
(in Section 3.2.1.2.5. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.2 CORRESPONDENCE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Correspondence processing comprises all activities involved in the \
)Tj
T*
(handling of written queries from Unemployment Insurance Bureau )Tj
T*
(employers, claimants and other interested parties. An online )Tj
T*
(subsystem of CUIS is used to generate automated responses to such )Tj
T*
(inquiries. )Tj
T*
( )Tj
T*
(There are two operating units, a control/microdata unit \(which )Tj
T*
(also services the cash disposition and data entry groups\) and an )Tj
T*
(auditing unit, all under a general supervisor. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of the )Tj
T*
(Correspondence units or the control/microdata unit. Findings )Tj
T*
(relating to the auditing unit are discussed in Section 3.2.1.2.5. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.1.2.2-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Correspondence processors can divert claim payments from their )Tj
T*
(intended recipients in a variety of ways. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
0 -1.20001 TD
(unassisted fraud. For example, a computer console operator should \
)Tj
0 -1.2 TD
(not be allowed to write programs and introduce them into the )Tj
T*
(system, or to introduce any programs not authorized by someone )Tj
T*
(responsible for the internal control, such as the tape librarian. \
)Tj
T*
(Further examples of the duties that should not be assigned the )Tj
T*
(same employee at the same time are scheduling, operating, )Tj
T*
(programming, storage, and library functions; nor should employees )Tj
T*
(be allowed to perform unassigned duties that might increase the )Tj
T*
(range of their activities. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The primary mechanism is the fraudulent address change. The )Tj
T*
(capability also exists for processors to restore the correct )Tj
T*
(address after payment has been made. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(47 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
603 0 obj 2871
endobj
604 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(There is a risk of being caught in a quality control audit but the \
)Tj
0 -1.2 TD
(risk is small. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This finding is essentially similar to Finding 3.2.1.1.2-1. )Tj
T*
(Because all claims processors have access to all aspects of claims \
)Tj
T*
(processing, it would be repetitive to assess separately potential )Tj
T*
(losses due to fraud by correspondence processors and adjustments )Tj
T*
(and overpayments processors. )Tj
T*
( )Tj
T*
(Consequently, the reader is referred to Finding 3.2.1.1.2-1 for )Tj
T*
(risk analysis calculations. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Determine patterns of claims processing transactions which would )Tj
T*
(be carried out when fraud was being attempted. Flag for special )Tj
T*
(review all claims to which these patterns apply. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.2.3 CASH DISPOSITION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The general supervisor of cash disposition also oversees the )Tj
T*
(Telephones Unit and an Auditing Unit. The Cash Disposition Unit )Tj
T*
(assists in Unemployment Insurance Bureau benefit fund accounting )Tj
T*
(by using an online CUIS subsystem to enter data related to )Tj
0 -1.20001 TD
(returned benefit payment checks, stale-dated checks, recouped )Tj
0 -1.2 TD
(overpayments, etc. )Tj
T*
( )Tj
0 -1.20001 TD
(No cash or checks are handled by this office except in rare )Tj
0 -1.2 TD
(instances when they are sent to Twoville by mistake instead of to )Tj
T*
(Capitaltown. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2.3-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords controlling access to CUIS Cash Disposition functions )Tj
T*
(are not changed when employees who know them terminate their )Tj
T*
(employment. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(13\):)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(48 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
605 0 obj 3006
endobj
606 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(prompt action must be taken to delete an employee's personal )Tj
T*
(identification number or other identifier from the system )Tj
T*
(authorization list or table when the employee no longer has the )Tj
T*
(authority to access a system \(e.g., after changing function or )Tj
T*
(leaving the organization.\) )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is discussed more generally in Finding 3.3-5 below. )Tj
T*
(Terminating employees could misuse their knowledge either for )Tj
T*
(personal gain or to get revenge for their perceived mistreatment )Tj
T*
(by SOES. )Tj
T*
( )Tj
T*
(The Risk Analysis and Cost-Benefit Analysis paragraphs are omitted \
)Tj
T*
(here because this problem is covered in the analysis of Finding )Tj
T*
(3.3-1. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All access control keys \(both logical and physical\) should be )Tj
T*
(returned to SOES or rendered unusable upon the termination of )Tj
T*
(employees who possess them. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2.3-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords controlling access to CUIS Cash Disposition functions )Tj
T*
(are sometimes written down by the clerks entrusted with them. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(RELATED CONTROL STANDARD 5137\(J\)\(12\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Passwords must not be displayed on the video display terminals or )Tj
0 -1.2 TD
(hardcopy devices. Ensure that the computer operators, acting )Tj
T*
(without authority, are not able to display user programs or )Tj
T*
(circumvent security mechanisms. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(When written down, passwords become much more accessible to )Tj
T*
(unauthorized parties. A knowledgeable person would assume that )Tj
T*
(the password was written down and search the work area of the )Tj
T*
(employee who regularly uses it. Typical places to look would )Tj
T*
(include calendar pads, blotters and little slips of paper. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This is another finding relating to a lack of proper password )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(49 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
607 0 obj 2961
endobj
608 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(management. The risk analysis and cost-benefit analysis of this )Tj
0 -1.2 TD
(issue are contained in Finding 3.3-1. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Establish and enforce a policy that passwords are not to be )Tj
T*
(written down. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2.3-3:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no effective control over mail which may be addressed to )Tj
T*
(specific field office employees and which may contain checks made )Tj
T*
(out to those employees. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(K\)\(5\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(During non-working hours, Unemployment Insurance Bureau-related )Tj
T*
(work materials must be stored in a secure area, such as an entire )Tj
T*
(floor or room. In the event that this access control can be )Tj
T*
(achieved by securing the entire building, it is not necessary to )Tj
T*
(apply restrictive measures to individual locations within the )Tj
T*
(building. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Occasionally an Unemployment Insurance Bureau claimant will )Tj
T*
(attempt to reimburse SOES for an overpayment made on a claim by )Tj
T*
(writing a check to a specific SOES employee. In the absence of )Tj
0 -1.20001 TD
(controls, the employee can cash the check and pocket the money. )Tj
0 -1.2 TD
(He could do this with relative impunity when the overpaid amount )Tj
T*
(is less than $50 because recoupment of such small amounts is not )Tj
0 -1.20001 TD
(pursued beyond the mailing of a single letter requesting )Tj
0 -1.2 TD
(repayment. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(An enterprising cash disposition clerk could attempt to increase )Tj
T*
(the likelihood that checks would be addressed to and/or made out )Tj
T*
(to him. He could then cash all such checks he received. )Tj
T*
( )Tj
T*
(In the worst case a clerk might manage to receive 100 checks per )Tj
T*
(year worth about $100 each for a total of $10K. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(50 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
609 0 obj 2989
endobj
610 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(As this is not a difficult thing to do, we choose the AFE for this \
)Tj
T*
(form of fraud and abuse from the high end of the range, .09. )Tj
T*
( )Tj
T*
(The ALE is then $10K x .09 = $900. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(By requiring all staff members to open personally addressed mail )Tj
T*
(received at the office in the presence of a supervisor, the ALE )Tj
T*
(will be reduced by 95%. )Tj
T*
( )Tj
T*
(The reduced ALE will then be .05 x $900 = $45. )Tj
T*
( )Tj
T*
(The safeguard cost will be essentially zero. The resulting )Tj
T*
(savings is then $860 per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.13 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Require that mail addressed to individual employees be opened by )Tj
T*
(mailroom personnel or in the presence of a second party. Require )Tj
T*
(also that employees not intentionally direct personal mail to the )Tj
T*
(SOES address. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.2.4 TELEPHONES)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(The Telephone unit operates under the same general supervisor as )Tj
0 -1.20001 TD
(the Cash Disposition Unit. The unit responds to telephone )Tj
0 -1.2 TD
(inquiries related to Unemployment Insurance Bureau claims. A Rolm \
)Tj
T*
(Automated Call Distribution \(ACD\) System detects incoming calls, \
)Tj
T*
(routes them to available unit personnel and places excess calls on \
)Tj
T*
(hold. The ACD System has a control keyboard and a CRT display. )Tj
T*
(It reports statistics on its operations. There are 12 eastern )Tj
T*
(state WATS lines, 4 western state WATS lines and 5 local lines. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.2.4-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Address changes are accepted from Unemployment Insurance Bureau )Tj
T*
(claimants over the telephone. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(13\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Make sure of the identity of outside personnel into whose )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(51 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
611 0 obj 3210
endobj
612 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(possession Unemployment Insurance Bureau data are to be released. )Tj
0 -1.2 TD
(Special attention should be given to release of personnel )Tj
T*
(information by telephone either within the organization or to the )Tj
T*
(people outside. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The address associated with the payee of a claim constitutes )Tj
T*
(sensitive information as it specifies where potentially large )Tj
T*
(amounts of money will be sent. Persons having the ability to )Tj
T*
(manipulate such address information in effect have the ability to )Tj
T*
(control the disbursement of Unemployment Insurance Bureau benefit )Tj
T*
(funds. )Tj
T*
( )Tj
T*
(To change a claimant's address by telephone, a caller must know )Tj
T*
(only the claimant's name, address and registration number, )Tj
T*
(information which is easily acquired. )Tj
T*
( )Tj
T*
(A clever swindler would find a way to get the necessary )Tj
T*
(information for a relatively large claim and change the address to \
)Tj
T*
(one not associated with him personally but which he could monitor )Tj
T*
(for delivery of the benefit check. When the check arrived, the )Tj
T*
(swindler would steal it from the mailbox unbeknownst to the owners \
)Tj
T*
(and cash it. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(To make such an operation worthwhile, a swindler would probably )Tj
T*
(target larger claims only. He could get the necessary information \
)Tj
T*
(by taking a janitorial job in a private employment service and )Tj
T*
(using his access to the facility to gain access to applicant )Tj
T*
(records. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(With careful planning, the swindler might divert 1,000 or more )Tj
T*
(checks worth $100,000 total over a short period of time. The )Tj
0 -1.20001 TD
(operation would have to be abandoned by the time the intended )Tj
0 -1.2 TD
(payees reported non-receipt of their checks because the resulting )Tj
T*
(investigation would soon focus on the private employment service )Tj
T*
(itself. )Tj
T*
( )Tj
T*
(The same type of operation might be carried out over a longer )Tj
T*
(period of time at multiple facilities. In this case the swindler )Tj
T*
(would divert only one check from each facility in order to keep )Tj
T*
(his modus operandi secret. )Tj
T*
( )Tj
T*
(The AFE for fraud and abuse of .006 applies. The low end of the )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(52 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
613 0 obj 3190
endobj
614 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(scale is used because of the complicated nature of the fraudulent )Tj
0 -1.2 TD
(activity. )Tj
T*
( )Tj
T*
(The ALE is $100K x .006 = $600. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(One suggested safeguard is to require change of address requests to \
)Tj
T*
(be in writing over the signature of the claimant. This would foil \
)Tj
T*
(casual swindlers not willing to spend a lot of time and energy on )Tj
T*
(their attempted fraudulent activity, but it would not deter the )Tj
T*
(serious con artist described above who would have access not only )Tj
T*
(to the claimant's personal data but also to copies of his )Tj
T*
(signature. )Tj
T*
( )Tj
T*
(A more effective safeguard would be to issue each claimant a )Tj
T*
(secret password or number to be used as an authorizing code for )Tj
T*
(address changes and other transactions of import. Such a )Tj
T*
(mechanism is already being used by banks, especially those with )Tj
T*
(automated teller terminals. )Tj
T*
( )Tj
T*
(This latter safeguard should reduce the ALE by 95% to $30. )Tj
T*
( )Tj
T*
(The cost of the safeguard is estimated at 3 staff-months for )Tj
T*
(programming modifications to CUIS to generate, use and store the )Tj
T*
(secret codes, plus 1 staff-month of administrative time and $10K )Tj
T*
(for notification of the claimant. We have used $30K salary and )Tj
T*
(100% overhead for programming changes and a grade 30 salary and 25% \
)Tj
0 -1.20001 TD
(overhead for administrative time. This amounts to \(1/4 x $30K x )Tj
0 -1.2 TD
(2.0 + 1/12 x $19,947 x 1.25\) + $10K = $27K. )Tj
T*
( )Tj
0 -1.20001 TD
(This safeguard is clearly not cost-effective. A less expensive )Tj
0 -1.2 TD
(approach would be to record several items of information known )Tj
T*
(only to each claimant and ask the claimant to supply one or more )Tj
T*
(of these items when he requests an address change. The cost of )Tj
T*
(this safeguard would be about one man-week of programming at an )Tj
T*
(annual rate of $30K and 100% overhead or $30K x 2.0 x \(1/52\) = )Tj
T*
($1.2K. )Tj
T*
( )Tj
T*
(The ALE will be reduced by 95% to $30. )Tj
T*
( )Tj
T*
(The 5-year savings will be \($600 - $30\) x 3.79 - $1.2K = $1K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.14 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(53 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
615 0 obj 2961
endobj
616 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(Use personal information to validate the caller's identity. Send )Tj
0 -1.2 TD
(notification of the address change to the old address. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.2.5 AUDITING/TRAINING)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Auditing Unit for each functional area of operations at the )Tj
T*
(Twoville field office reports to the general supervisor for that )Tj
T*
(functional area. All auditing is for the purpose of quality )Tj
T*
(control. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.1.2.5-1)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Auditors in the Twoville field office report to the heads of the )Tj
T*
(units they audit. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(3\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Similar concepts of split duties must be used in critical controls )Tj
T*
(and financial functions. For example, special controls involving )Tj
T*
(more than one person must be established over blank and voided )Tj
T*
(checks. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is a conflict of interest when the supervisor of a )Tj
T*
(particular function also has control over the auditing of that )Tj
T*
(function. An overly ambitious supervisor could attempt to make )Tj
T*
(the performance of his people look better than it really was by )Tj
T*
(influencing the activity of the auditors. In particular, the )Tj
T*
(supervisors can prevent the auditors from increasing the level of )Tj
0 -1.20001 TD
(surveillance of particular employees. )Tj
0 -1.2 TD
( )Tj
T*
(It is our opinion that audit activities should be totally )Tj
0 -1.20001 TD
(independent of the function being audited. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Because there is no opportunity here for direct material gain, we )Tj
T*
(select the AFE to be .006, the low end of the range for fraud and )Tj
T*
(abuse. )Tj
T*
( )Tj
T*
(If a supervisor is able to control the auditing activity and gain )Tj
T*
(access to the auditors' detailed work schedules, he might be able )Tj
T*
(to warn claims processors that a particular day's work will be )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(54 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
617 0 obj 3098
endobj
618 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(reviewed so that they can be at their best performance level. )Tj
0 -1.2 TD
( )Tj
T*
(For the remainder of the time the processors would naturally tend )Tj
T*
(to put speed ahead of quality, knowing that they will not be )Tj
T*
(audited and that incentive pay is available for exceeding the )Tj
T*
(production standards. )Tj
T*
( )Tj
T*
(The result would be an excessive error rate by all affected )Tj
T*
(processors on non-audit days. It would be reasonable to assume )Tj
T*
(that the excessive errors would require half an hour per day per )Tj
T*
(processor to correct. This means that 1/2 / 8 = 1/16 of each )Tj
T*
(processor's working time would be wasted. There are approximately )Tj
T*
(180 processors \(not counting the Telephones Unit\) at the Twoville \
)Tj
T*
(and Threeville field offices. Their average pay is about $5.50 )Tj
T*
(per hour. Using the overhead rate of 25%, their total yearly cost )Tj
T*
(to SOES is 180 processors x 1.25 overhead x $5.50/hr x 8 hrs/day x )Tj
T*
(5 days/wk x 52 wks/yr = $2.5M. )Tj
T*
( )Tj
T*
(The ALE is .006 x $2.5M = $15K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to reorganize the Twoville and Threeville field )Tj
T*
(offices so that the auditors report directly to the respective )Tj
T*
(office managers. This safeguard should have a negligible one-time )Tj
T*
(cost and should reduce the ALE by 95%. )Tj
T*
( )Tj
T*
(The savings will then be \($15K - $1.5K\) = $14K per year. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.15 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(The auditors should report directly to the field office manager. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.2.6 TSI SUPPORT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The TSI support function at Twoville is very similar to that at )Tj
T*
(Fourville. An onsite systems analyst trainee assists the field )Tj
T*
(office staff with software problems and local hardware problems. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of the TSI )Tj
T*
(support personnel at Twoville. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.2.7 PERSONNEL)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(55 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
619 0 obj 2735
endobj
620 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Personnel Unit \(1 person currently assigned\) handles all )Tj
T*
(personnel matters for the Fourville and Twoville field offices. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.3 THREEVILLE FIELD OFFICE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Threeville field office is currently responsible for the )Tj
T*
(direct data entry of claims as well as the correspondence )Tj
T*
(processing associated with these claims. Eventually, Threeville )Tj
T*
(will handle all aspects of the processing of these claims. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.3-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The main entrance of the Threeville field office is not monitored )Tj
T*
(during the early morning and late afternoon. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(2\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Control must also be maintained in other Unemployment Insurance )Tj
T*
(Bureau work areas over the presence of visitors, and the presence )Tj
T*
(of employees after normal working hours. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is similar to that of Finding 3.2.1.1-2. Because the )Tj
T*
(Threeville field office has other physical access control )Tj
T*
(problems, however, all are treated together in Finding 2.7-4. The )Tj
T*
(risk analysis and cost-benefit analysis are omitted here as they )Tj
0 -1.20001 TD
(would be repetitive. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Ensure that the reception area is staffed at all times when the )Tj
T*
(main entrance door is unlocked. Alternatively, install a bell or )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(56 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
621 0 obj 2750
endobj
622 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(other signaling device which will sound when the door is opened )Tj
0 -1.2 TD
(from the outside. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.3-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Documents describing restricted access software are not given )Tj
T*
(special protection at the Threeville field office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All the Unemployment Insurance Bureau assets and related )Tj
T*
(operations must be secured against unauthorized access; this )Tj
T*
(includes sensitive data in transit within the organization. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is identical to that of Finding 3.2.1.2-4. The risk )Tj
T*
(analysis and cost-benefit analysis of that finding take both )Tj
T*
(Twoville and Threeville into account and are not repeated here. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Access to restricted software should be controlled through )Tj
0 -1.2 TD
(passwords or user security profiles, not through the secrecy of )Tj
T*
(operating procedures. In the present situation, the restricted )Tj
0 -1.20001 TD
(documents should be stored in locked desks or cabinets. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(3.2.1.3.1 DATA ENTRY)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The direct data entry function is carried out by six units )Tj
T*
(currently operating under a single general supervisor. A )Tj
T*
(correspondence unit and a training and auditing unit also report )Tj
T*
(to the same supervisor. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.3.2 CORRESPONDENCE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(57 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
623 0 obj 2868
endobj
624 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(BACKGROUND AND INTRODUCTION)Tj
/T1_2 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(There is a single Correspondence Unit at Threeville which reports )Tj
T*
(to the same general supervisor as the six data entry units and the )Tj
T*
(Training and Auditing Unit. )Tj
T*
( )Tj
T*
(Problems related to correspondence processing are similar to those )Tj
T*
(at Twoville. See Section 3.2.1.2.2 for details. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.3.3 AUDITING AND TRAINING)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(This unit performs quality control audits of the data entry and )Tj
T*
(correspondence functions and trains newly hired personnel in these )Tj
T*
(areas as well as in the auditing area. )Tj
T*
( )Tj
T*
(The unit reports to the same general supervisor as the six data )Tj
T*
(entry units and the Correspondence Unit. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.2.1.3.3-1:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The Correspondence Unit auditor reports directly to the head of )Tj
T*
(the Correspondence Unit at the Threeville field office. The data )Tj
T*
(entry auditors report to the General Supervisor of the data entry )Tj
T*
(units. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(4\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Similar concepts of split duties must be used in critical control )Tj
T*
(and financial functions. For example, special controls involving )Tj
T*
(more than one person must be established over blank and voided )Tj
0 -1.20001 TD
(checks. )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Supervision of both an operation and the auditing of that )Tj
T*
(operation represents a conflict of interest. This finding is )Tj
T*
(similar to finding 3.2.1.2.5-1. Supervisors of operational units )Tj
T*
(should not be allowed to challenge the activities of the auditors )Tj
T*
(as they can at the Threeville field office. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The analysis is done under Finding 3.2.1.2.5-1 and is not repeated )Tj
T*
(here. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(58 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
625 0 obj 2814
endobj
626 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(See Finding 3.2.1.2.5-1 )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All auditors should report directly to the field office manager. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.3.3-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Training/Auditing supervisor must relinquish most auditing )Tj
T*
(responsibilities to the General Supervisor when training classes )Tj
T*
(are in session. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(4\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Similar concepts of split duties must be used in critical control )Tj
T*
(and financial functions. For example, special controls involving )Tj
T*
(more than one person must be established over blank and voided )Tj
T*
(checks. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The training and auditing workloads are too heavy for a single )Tj
T*
(person when training classes are in session. The General )Tj
T*
(Supervisor must assume the audit role at such times. This results )Tj
T*
(in a potentially non-uniform approach to auditing and a more )Tj
0 -1.20001 TD
(serious conflict of interest than is normally the case. )Tj
0 -1.2 TD
( )Tj
T*
(The finding is closely related to Finding 3.2.1.3.3-1. )Tj
0 -1.20001 TD
(Consequently, the risk analysis is not repeated here. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Assign the audit responsibility to a single person reporting )Tj
T*
(directly to the field office manager. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.1.3.4 TURNKEY SYSTEMS INC. \(TSI\) SUPPORT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In addition to software and local hardware support, TSI provides )Tj
T*
(and staffs a data center at Threeville which is co-located with )Tj
T*
(the SOES field office. )Tj
T*
( )Tj
T*
(The data center operates two independent IBM 4341 mainframes which )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(59 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
627 0 obj 3313
endobj
628 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(accumulate transactions from Twoville, Threeville and Fourville as )Tj
0 -1.2 TD
(well as the other field offices and transmit them to the TSI Main )Tj
T*
(Data Center in Capitaltown. Each system can serve as backup for )Tj
T*
(the other. If the dedicated lines to Capitaltown go down, )Tj
T*
(connection can be re-established through a dial backup capability. \
)Tj
T*
(When the mainframe in Capitaltown is down, the Threeville Data )Tj
T*
(Center can continue to accept and store transactions until it is )Tj
T*
(brought online again. )Tj
T*
( )Tj
T*
(The overall systems design provides for such excellent backup that )Tj
T*
(loss of the data entry capability \(except due to power failure or )Tj
T*
(virtual destruction of the Threeville Data Center\) is extremely )Tj
T*
(unlikely. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.3.4-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The backup A/C unit for the Threeville Data Center is not )Tj
T*
(periodically tested. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(Q\)\(4\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In the event of a disaster or disruption, the computer facility )Tj
T*
(and the backup facility must have the capability to function )Tj
T*
(normally with minimal delay or lost processing time. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The backup A/C unit is on the roof. Although there was an )Tj
T*
(instance when the main A/C unit failed and the backup unit did not )Tj
T*
(respond, the backup unit is still not subjected to periodic )Tj
T*
(testing or rotated into regular operational use. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Failure of the backup A/C unit could force a halt to operation of )Tj
0 -1.20001 TD
(the Threeville Data Center. Experience has shown that with )Tj
0 -1.2 TD
(exhaust fans, the center could operate for about three hours after )Tj
T*
(an A/C failure. That should be sufficient time for an A/C )Tj
T*
(serviceman to fix a minor problem. Major problems requiring )Tj
T*
(special parts may take longer. We estimate that such problems )Tj
T*
(can be expected once per year and will require a full day to )Tj
T*
(repair. Most of that time would be spent awaiting the arrival of )Tj
T*
(parts. The AFE is thus 1. The loss to SOES would be 5 hours of )Tj
T*
(processing which would then have to be done in overtime. The )Tj
T*
(additional cost would be half the regular pay of about 97 DDE )Tj
T*
(processors and 16 correspondence processors. The average hourly )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(60 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
629 0 obj 2844
endobj
630 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(rates are about $5.85 for DDE and $6 for Correspondence. )Tj
0 -1.2 TD
( )Tj
T*
(The loss would be 5 hrs x 1.25 overhead x [\(97 data entry )Tj
T*
(processors x $5.85/hr\) + \(16 corr. processors x $6.00/hr\)] = $4.1K. \
)Tj
T*
( )Tj
T*
(The ALE is thus $4.1K x 1 = $4.1K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Regular testing of the backup A/C unit will eliminate the problem )Tj
T*
(entirely and will cost a negligible amount. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0. The savings will be $4.1K per )Tj
T*
(year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.16 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Test the backup A/C unit on a regular basis. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.3.4-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Visitor access records are not kept at the Threeville Data Center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(9\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Access to all EDP operation areas is to be controlled and a record )Tj
0 -1.20001 TD
(maintained of access by other than EDP operations personnel. )Tj
0 -1.2 TD
(\(Permanent onsite maintenance personnel and designated pickup and \
)Tj
T*
(delivery personnel are considered "operations personnel".\) )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Without access records it is impossible to make a connection )Tj
T*
(between security violations discovered after the fact and the )Tj
T*
(presence of visitors who may have been responsible for the )Tj
T*
(violations. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Although no access records are kept, visitors to the Threeville )Tj
T*
(Data Center are few and generally have official business there. )Tj
T*
(It is very unlikely that such a visitor would attempt to cause any )Tj
T*
(harm. We assign an AFE of .001 taken from the low end of the )Tj
T*
(scale for terrorism and other destructive acts. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(61 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
631 0 obj 2851
endobj
632 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(Because we are examining a problem in which the presence or )Tj
0 -1.2 TD
(absence of visitor records is a determining factor, the damage )Tj
T*
(done by our hypothetical visitor would have to be such as not to )Tj
T*
(become evident until well after his departure, but this is not a )Tj
T*
(difficult matter. )Tj
T*
( )Tj
T*
(The loss to SOES would be the loss in processing time resulting )Tj
T*
(from any damage done to the Threeville Data Center. As much as )Tj
T*
(two weeks might be lost if a difficult to replace item of )Tj
T*
(equipment were involved. )Tj
T*
( )Tj
T*
(The cost to make up these two weeks in overtime would be 1.5 )Tj
T*
(overtime x \(130 staff\) x \(1.25 overhead\) x \(2 wks\) x \(40 hrs/wk\)\
x )Tj
T*
($6/hr = $117K. )Tj
T*
( )Tj
T*
(The ALE is then $117K x .001 = $120. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Visitor access records should be kept. The cost would be )Tj
T*
(negligible for such a small data center. The savings would result )Tj
T*
(from using the access records to trace the identity of a )Tj
T*
(malefactor and obtain restitution. Part of the restitution would )Tj
T*
(be the cost of the overtime operations made necessary by the )Tj
T*
(destructive act. )Tj
T*
( )Tj
T*
(The records would reduce the ALE by only 50% because it is not at )Tj
T*
(all certain that a problem can be connected with a particular )Tj
T*
(visitor even if his identity is known. )Tj
T*
( )Tj
T*
(The new ALE is $60. The savings will be \($120 - $60\) - $0 = $60 )Tj
T*
(per year. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(See the risk analysis worksheets in Section B.17 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Keep records of visitor access to the Threeville Data Center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.1.3.4-3:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There are no underfloor water detectors at the Threeville Data )Tj
T*
(Center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(O\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(62 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
633 0 obj 2833
endobj
634 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(Valuable equipment or sensitive data must be separated from )Tj
0 -1.2 TD
(hazards if other safeguards are not feasible or cost effective )Tj
T*
(\(e.g., relocate kitchen out from under computer room or tape )Tj
T*
(library away from heating plant boilers.\) )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The risk analysis for this finding is included under Finding 2.2-1 )Tj
T*
(and is not repeated here. This finding is especially significant )Tj
T*
(in light of the potential for flooding at the Threeville field )Tj
T*
(office location identified in Finding 2.2-1. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Install underfloor water detectors at the Threeville Data Center. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.1.3.5 PERSONNEL)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Personnel services at Threeville are provided by a representative )Tj
0 -1.2 TD
(who reports to the Sixville area office of SOES. )Tj
T*
( )Tj
0 -1.20001 TD
(We found no problems in the practices and procedures of this unit. )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(3.2.2 UNEMPLOYMENT INSURANCE BUREAU MANAGEMENT SERVICES)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This group oversees the generation and distribution of about 30 )Tj
T*
(periodically produced reports required by DOL/UIS and SOES. All )Tj
T*
(are derived from computer output. )Tj
T*
( )Tj
T*
(The group is also responsible for the development, maintenance and )Tj
T*
(enhancement of the detailed claims processing procedures used in )Tj
T*
(headquarters and the three field offices. )Tj
T*
( )Tj
T*
(Management Services is additionally developing and marketing two )Tj
T*
(electronic claims submission systems. One will allow employers to )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(63 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
635 0 obj 3038
endobj
636 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(submit wage record data on magnetic tape. The other will allow )Tj
0 -1.2 TD
(them to submit the data online via telephone. )Tj
T*
( )Tj
T*
(Unemployment Insurance Bureau Management Services also acts as an )Tj
T*
(interface between the SOES Unemployment Insurance Bureau and TSI )Tj
T*
(for directing the CUIS development, enhancement and maintenance )Tj
T*
(functions. The group coordinates and approves change requests )Tj
T*
(within SOES, transmits them to TSI and monitors and evaluates the )Tj
T*
(resulting programming effort. )Tj
T*
( )Tj
T*
(The group is lastly responsible for the maintenance of various )Tj
T*
(computer files including employer and claimant correspondence and )Tj
T*
(the full range of edit and audit tests which are applied to all )Tj
T*
(incoming Unemployment Insurance Bureau claims. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(office. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3 LIAISON AND EMPLOYER AUDIT AND REVIEW)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This group acts as an interface between the Unemployment Insurance )Tj
T*
(Bureau and all other organizational elements including DOL/UIS and )Tj
T*
(other SOES departments such as Accounting which provide services )Tj
T*
(to the Unemployment Insurance Bureau. )Tj
T*
( )Tj
T*
(The group also conducts fair hearings on appeals by claimants of )Tj
T*
(the handling of Unemployment Insurance Bureau claims. )Tj
T*
( )Tj
T*
(In the area of employer audit and review, the group performs )Tj
T*
(initial reviews and periodic audits. It also operates a Program )Tj
0 -1.20001 TD
(Integrity Unit to collect information on instances of fraud and )Tj
0 -1.2 TD
(abuse and pass it on to the appropriate authorities. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(3.2.3.1 EMPLOYER AUDIT AND REVIEW)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This Section consists of the Initial Employer Review Unit, )Tj
T*
(Employer Audit Unit, and the Program Integrity Unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3.1.1 INITIAL EMPLOYER REVIEW UNIT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(64 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
637 0 obj 3180
endobj
638 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(This unit collects profile, staffing and salary data on new )Tj
0 -1.2 TD
(employers and enters it into the computer system through CUIS. A )Tj
T*
(profile analysis program then compares this data to statistical )Tj
T*
(averages of data initially supplied by employers later caught in a )Tj
T*
(variety of fraudulent schemes. The program assigns a risk code )Tj
T*
(which then controls the triggering of future reviews of the )Tj
T*
(employer. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.3.1.2 EMPLOYER AUDIT UNIT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This unit carries out reviews of wage record reporting and tax )Tj
T*
(payments which fail the CUIS audit criteria and of claims )Tj
T*
(involving employers who are on review because of suspected )Tj
T*
(irregularities in their tax payment procedures. )Tj
T*
( )Tj
T*
(When a discrepancy is found, the employer involved may be referred )Tj
T*
(to a reviewer, placed on chargeable claims review, or referred to )Tj
T*
(Program Integrity. Alternatively, recoupment action may be )Tj
T*
(initiated or consultation may be sought with the offending )Tj
T*
(claimant. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.3.1.2-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(It would be possible for a reviewer to form a conspiracy for )Tj
0 -1.2 TD
(purposes of fraud with an employer for whom he is responsible. )Tj
T*
( )Tj
/T1_3 1 Tf
0 -1.20001 TD
(RELATED CONTROL STANDARD 5137\(C\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. For example, a computer console operator should )Tj
T*
(not be allowed to write programs and introduce them into the )Tj
T*
(system, or to introduce any programs not authorized by someone )Tj
T*
(responsible for internal control, such as the tape librarian. )Tj
T*
( )Tj
T*
(Further examples of duties that should not be assigned the same )Tj
T*
(employee at the same time are scheduling, operating, programming, )Tj
T*
(storage, and the library functions; nor should employees be )Tj
T*
(allowed to perform unassigned duties that might increase their )Tj
T*
(range of activities. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(65 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
639 0 obj 2980
endobj
640 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(In most situations, a SOES employer reviewer could not conspire )Tj
T*
(with an outsider to process claims in a fraudulent manner because )Tj
T*
(he could not guarantee that the fraudulent claims would be )Tj
T*
(assigned to him for review. )Tj
T*
( )Tj
T*
(However, for some industries, there is only one reviewer assigned. \
)Tj
T*
(When a claim deals with a particular industry, the one qualified )Tj
T*
(reviewer is assured of processing it. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The potential for fraud here is estimated at $100K per year. This )Tj
T*
(figure is obtained by estimating the size and number of claims )Tj
T*
(that would be fraudulently processed in the course of a year. )Tj
T*
(Small claims would not be worth the effort. An excessive number )Tj
T*
(of claims would be dangerous. We have estimated 1000 claims per )Tj
T*
(year at $100 each. )Tj
T*
( )Tj
T*
(Because of the need for a conspiracy in this case, an AFE of .006 )Tj
T*
(has been chosen, the low end of the range for fraud and abuse. )Tj
T*
( )Tj
T*
(The ALE is $100K x .006 = $600. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Ensure that more than one reviewer is available for each industry. )Tj
T*
(This will create an effective separation of duties in that no one )Tj
T*
(person will then have full control over one particular aspect of )Tj
T*
(employer review. )Tj
T*
( )Tj
T*
(The cost of adding reviewer staff should be negligible as all are )Tj
0 -1.20001 TD
(paid on the basis of work done, not as full-time employees of )Tj
0 -1.2 TD
(SOES. )Tj
T*
( )Tj
0 -1.20001 TD
(This safeguard should reduce the AFE by 75%. Even with additional )Tj
0 -1.2 TD
(reviewers, some claims will find their way to a conspirator. )Tj
T*
(Those that do not will most likely be denied if they are )Tj
T*
(unjustified. )Tj
T*
( )Tj
T*
(Because of this possibility of denial, fraudulent claims will have )Tj
T*
(to be more subtly prepared and less frequently submitted. The new )Tj
T*
(ALE would be 200 claims x $100 per claim x \(.006 x .25\) = $30. )Tj
T*
( )Tj
T*
(The savings will be \($600 - $30\) = $570. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(66 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
641 0 obj 2797
endobj
642 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(See the risk analysis worksheets in Section B.18 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide more than one possible processor for each aspect of claims )Tj
T*
(processing. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.3.1.3 PROGRAM INTEGRITY)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Program Integrity collects information from all available sources )Tj
T*
(concerning fraud and abuse in the Unemployment Insurance program. )Tj
T*
(About 440 cases per year are handled. Of these, 380 prove to be )Tj
T*
(false alarms. The remaining 60 are reported to the State )Tj
T*
(Department of Justice \(SDOJ\). Of these, 10 are eventually cleared \
)Tj
T*
(and SDOJ directs SOES to pursue recoupment in the other 50. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.3.2 LIAISON)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This group acts as an interface between the Unemployment Insurance )Tj
T*
(Bureau and other organizational elements having dealings with or )Tj
T*
(providing services to the Unemployment Insurance Bureau. This )Tj
0 -1.20001 TD
(includes other SOES departments, DOL/UIS and other external )Tj
0 -1.2 TD
(groups. )Tj
T*
( )Tj
0 -1.20001 TD
(The group also processes appeals of Unemployment Insurance Bureau )Tj
0 -1.2 TD
(claims dispositions through the Fair Hearings Section. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.3.2.1 LIAISON)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This section provides the interface with other elements described )Tj
T*
(in Section 3.2.3.2. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.2.3.2.2 FAIR HEARINGS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(67 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
643 0 obj 2884
endobj
644 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(This section processes appeals of claim dispositions by )Tj
T*
(Unemployment Insurance Bureau claimants and payees. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.2.4 EMPLOYER TAX RECORDS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This office serves all of SOES's programs. It maintains an )Tj
T*
(integrated Master Employer File which contains information about )Tj
T*
(employers. The office is responsible for deleting employers as )Tj
T*
(well as updating information on employers already in the file. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(FINDING 3.2.4-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no effective control to ensure that employers who cease )Tj
T*
(doing business or leave the area are purged from the Master )Tj
T*
(Employer File. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(B\)\(3\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Unemployment Insurance Bureau must establish a retention )Tj
T*
(schedule monitoring procedure for all UI data. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Employers who remain on the master file although they are no )Tj
T*
(longer active in the area could be impersonated by individuals )Tj
T*
(attempting to defraud the Unemployment Insurance Bureau benefit )Tj
0 -1.20001 TD
(payment fund. )Tj
0 -1.2 TD
( )Tj
T*
(Currently, employers are removed from the file as a result of )Tj
0 -1.20001 TD
(returned mail and information received from employer review field )Tj
0 -1.2 TD
(contacts. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Lists of employers who have ceased doing business in the State and )Tj
T*
(are potentially still on the Master Employer File can be obtained )Tj
T*
(in a variety of ways requiring only a little ingenuity and effort. \
)Tj
T*
(For example, most telephone books have lists of employers by trade )Tj
T*
(in the Yellow Pages. A comparison of the current and previous )Tj
T*
(editions would provide the desired information. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(68 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
645 0 obj 3012
endobj
646 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(An inquiry to SOES by a concerned claimant might then confirm that )Tj
T*
(an employer is still on file. )Tj
T*
( )Tj
T*
(Continuing in this fashion, it would be possible to acquire all )Tj
T*
(the information necessary to use a departed employer for the )Tj
T*
(purpose of filing phoney claims. )Tj
T*
( )Tj
T*
(As before, a reasonable tradeoff on the total number and size of )Tj
T*
(claims filed in this manner would be about 1,000 claims per year )Tj
T*
(at $100 per claim or $100K per year. The middle of the frequency )Tj
T*
(scale for fraud and abuse yields an AFE of .03. )Tj
T*
( )Tj
T*
(The ALE is then $100K x .03 = $3K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to devise a set of procedures to ensure the )Tj
T*
(currency of the Master Employer File. This might include periodic )Tj
T*
(verifications that employers are still doing business in The State )Tj
T*
(and could be done on the basis of the potential for fraud )Tj
T*
(presented by the dollar volume of Unemployment Insurance Bureau )Tj
T*
(claims being filed by the terminated employees of particular )Tj
T*
(employers. We estimate that this safeguard would cost two staff- )Tj
T*
(weeks of development effort at the grade 32 level and one hour per )Tj
T*
(day of CRT operations at the OE level to process the verification )Tj
T*
(transactions. )Tj
T*
( )Tj
0 -1.20001 TD
(The cost would be 1.25 overhead x 80 hrs x $10.44/hr = $1K for )Tj
0 -1.2 TD
(development \(one-time\) and 1.25 overhead x 5 days/wk x 52 weeks x 1 \
)Tj
T*
(hr/day x $7.45/hr = $2.4K per year for verification processing. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The ALE will be reduced by 90% to $300. )Tj
T*
( )Tj
T*
(The 5-year savings will be 3.79 x $3K - 3.79 x $300 - 3.79 x $2.4K )Tj
T*
(- $1K = $160. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.19 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Investigate ways to improve the accuracy and currency of the )Tj
T*
(Master Employer File. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.2.4-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Although signatures are required on documents requesting Master )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(69 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
647 0 obj 3028
endobj
648 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(Employer File updates, the signatures are not verified. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(K\)\(5\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Establish appropriate controls over all sensitive data entering or )Tj
T*
(leaving the facility, employing a system that will preclude )Tj
T*
(erroneous or unauthorized transfer of data, regardless of media or )Tj
T*
(format. These controls must include the maintenance of a record )Tj
T*
(for the logging of shipping and receipts, and periodic )Tj
T*
(reconciliation of these records. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Without verification, impostors could cause changes to be made to )Tj
T*
(the Master Employer File which result in funds being diverted from )Tj
T*
(the intended recipients. Signature verification does not require )Tj
T*
(professional handwriting analysis. It is done as a matter of )Tj
T*
(course by store clerks who receive checks from customers. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This finding goes hand-in-hand with Finding 3.2.4-1 above. Once a )Tj
T*
(swindler determines the name of an employer he can exploit, he )Tj
T*
(must either change the employer's address so that he can control )Tj
T*
(correspondence with SOES. The approach he takes will depend on )Tj
T*
(whether or not he has access to legitimate Unemployment Insurance )Tj
T*
(Bureau claimants as well as other considerations. )Tj
T*
( )Tj
T*
(We feel that the two findings are so closely related that separate )Tj
T*
(risk analyses would unreasonably inflate the loss potential )Tj
T*
(associated with inadequacies in Master Employer File management. )Tj
T*
(Consequently, the quantification of this finding is included in )Tj
0 -1.20001 TD
(finding 3.2.4-1. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Verify signatures on Master Employer File update requests. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.3 TURNKEY SYSTEMS INC. SOFTWARE SUPPORT \(HEADQUARTERS\))Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(70 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
649 0 obj 3433
endobj
650 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(This TSI group operates under Unemployment Insurance Bureau )Tj
0 -1.2 TD
(contract to provide all software support services for the )Tj
T*
(Comprehensive Unemployment Insurance System \(CUIS\). CUIS consists \
)Tj
T*
(of a number of online and batch subsystems. There are about 1,680 )Tj
T*
(modules in CUIS, 70% of which are in assembly language and 30% in )Tj
T*
(COBOL. Altogether, there are about 4.2 million lines of source )Tj
T*
(code in CUIS. )Tj
T*
( )Tj
T*
(The TSI Software Support Group consists of three )Tj
T*
(development/maintenance teams in Capitalville, three teams in )Tj
T*
(Sevenville, an Industrial Engineer, a Customer Support Unit which )Tj
T*
(provides onsite technical assistance in the field offices and the )Tj
T*
(Threeville Data Center staff. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.3-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no effective separation between CUIS development, testing )Tj
T*
(and maintenance activities and production operations. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(1\): )Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. For example, a computer console operator should )Tj
T*
(not be allowed to write programs and introduce them into the )Tj
T*
(system, or to introduce programs not authorized by someone )Tj
T*
(responsible for internal control, such as a tape librarian. )Tj
T*
(Further examples of duties that should not be assigned to the same )Tj
0 -1.20001 TD
(employee at the same time are scheduling, operating, programming, )Tj
0 -1.2 TD
(storage, and the library functions; nor should employees be )Tj
T*
(allowed to perform unassigned duties that might increase the range )Tj
0 -1.20001 TD
(of their activities. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(3\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Test data must not contain actual information which can be linked )Tj
T*
(to specific individuals. If old files containing personal data )Tj
T*
(are used, names, addresses, and other identifiers must be modified )Tj
T*
(to make the personal data meaningless, unless a parallel )Tj
T*
(production run is being performed using live data. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Separation of duties is an important control which can be used to )Tj
T*
(hinder fraud and abuse by employees. It requires that no single )Tj
T*
(employee be given )Tj
/T1_2 1 Tf
(all)Tj
/T1_1 1 Tf
( the authorities that would be )Tj
T*
(necessary to transfer assets outside the organization or to make )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(71 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
651 0 obj 3242
endobj
652 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(changes in operational procedures or the controls over operational )Tj
0 -1.2 TD
(procedures. )Tj
T*
( )Tj
T*
(If a single employee had the ability to write a check on Bureau )Tj
T*
(funds, for example, he could convert those funds to his own use. )Tj
T*
( )Tj
T*
(If a single employee had the authority to modify the code of the )Tj
T*
(CUIS system )Tj
/T1_2 1 Tf
(and)Tj
/T1_1 1 Tf
( to enter transactions which would result )Tj
T*
(in the payment of Unemployment Insurance Bureau benefits, he )Tj
T*
(could easily arrange for his own fraudulent claims to bypass )Tj
T*
(edits and audits and be paid. )Tj
T*
( )Tj
T*
(If, however, such critical duties and authorities are split among )Tj
T*
(two or more employees, collusion will be required in order to )Tj
T*
(defraud the organization successfully. It is always more )Tj
T*
(difficult to effect a criminal partnership than to operate alone. )Tj
T*
(One can never be certain that a co-worker will not immediately )Tj
T*
(report an attempt to solicit his assistance in a criminal venture. )Tj
T*
( )Tj
T*
(Even if a partnership can be successfully formed, all parties must )Tj
T*
(be constantly concerned about the possibility of being double- )Tj
T*
(crossed or betrayed. )Tj
T*
( )Tj
T*
(The issue of this finding is that separation of duties is not )Tj
T*
(effectively used to isolate software development, maintenance and )Tj
T*
(testing activities from production operations. )Tj
T*
( )Tj
T*
(It is generally accepted good practice to assure that all )Tj
T*
(production software is approved by two or more )Tj
T*
(development/maintenance analysts prior to being placed into )Tj
T*
(production and that once in production those analysts be restricted )Tj
T*
(from further modifying the software. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The development/maintenance personnel should at no time have )Tj
T*
(access to the production data files. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Modifications should be triggered only by an assessment from the )Tj
T*
(user or production operations personnel that the software is not )Tj
T*
(functioning properly or that changes are required. )Tj
T*
( )Tj
T*
(When such an assessment is made, copies of the affected production )Tj
T*
(software modules should be passed by production operations to )Tj
T*
(development/maintenance personnel. The same formal approval cycle )Tj
T*
(is then used again in returning these modules to production after )Tj
T*
(they have been modified and tested. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(72 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
653 0 obj 3534
endobj
654 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(In the case of SOES Unemployment Insurance Bureau Operations, the )Tj
0 -1.2 TD
(TSI personnel who develop, maintain and test CUIS also have full )Tj
T*
(access to the operational Unemployment Insurance Bureau data )Tj
T*
(files. It is also possible for a single TSI analyst to make code )Tj
T*
(modifications to CUIS without review by a second party. Although )Tj
T*
(the analyst could not personally insert the modifications into the )Tj
T*
(production software library directly, he could obtain all the )Tj
T*
(necessary approvals based on his word and on the success of )Tj
T*
(testing. )Tj
T*
( )Tj
T*
(It would thus be possible for a software analyst to make )Tj
T*
(surreptitious changes to CUIS which would leave CUIS with its full )Tj
T*
(intended functionality but which would also allow the analyst to )Tj
T*
(subvert the system under circumstances known only to him. We do )Tj
T*
(not mean to imply that any personnel currently working with CUIS )Tj
T*
(would abuse their position in this way. We do mean to state that )Tj
T*
(the controls necessary to prevent such an abuse of trust are not )Tj
T*
(present. )Tj
T*
( )Tj
T*
(As an example of how an unscrupulous software analyst might )Tj
T*
(proceed, consider the following scenario. The analyst, intent on )Tj
T*
(defrauding the system; uses his knowledge of CUIS to determine )Tj
T*
(what kinds of changes would help him and where in CUIS those )Tj
T*
(changes would have to be applied. After forming a list of such )Tj
T*
(potential changes, he waits until he is assigned a small )Tj
T*
(maintenance task \(one not likely to be reviewed by other analysts\) \
)Tj
T*
(involving the module or modules he wishes to change. He then )Tj
T*
(makes the required changes as well as his own secret changes. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The secret changes will be such that they will have no effect on )Tj
T*
(CUIS operation unless invoked by a predetermined pattern of claims )Tj
0 -1.20001 TD
(data, a special codeword entered at a CRT terminal or some other )Tj
0 -1.2 TD
(circumstance unlikely to arise by chance. )Tj
T*
( )Tj
T*
(Consequently, testing will not reveal the presence of the secret )Tj
T*
(changes. Because the changes are not desk-checked by a second )Tj
T*
(analyst, they will not be discovered and will be installed in the )Tj
T*
(production CUIS system. )Tj
T*
( )Tj
T*
(The analyst can then use his ability to enter transactions into )Tj
T*
(the production CUIS system to put his secret changes to work. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Because of the lack of separation of access to CUIS production )Tj
T*
(software and Unemployment Insurance Bureau data files, the )Tj
T*
(Unemployment Insurance Bureau benefit fund is vulnerable to fraud )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(73 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
655 0 obj 2927
endobj
656 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(and abuse by software support personnel. )Tj
0 -1.2 TD
( )Tj
T*
(The loss potential in this case is the full $500K reported by the )Tj
T*
(FBI to be the average loss resulting from a computer fraud. We )Tj
T*
(use the higher figure here because of the unique potential for )Tj
T*
(abuse resulting from the accessibility of both CUIS programs and )Tj
T*
(Unemployment Insurance Bureau data files. )Tj
T*
( )Tj
T*
(The AFE taken from the middle of the range of frequencies for )Tj
T*
(fraud and abuse is .03. )Tj
T*
( )Tj
T*
(The ALE is $500K x .03 = $15K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The suggested safeguard is to apply the principle of separation of )Tj
T*
(duties. TSI software support personnel should have full access to )Tj
T*
(the development version of the CUIS software but not to the )Tj
T*
(production version and not to the production Unemployment )Tj
T*
(Insurance Bureau data files. )Tj
T*
( )Tj
T*
(Data file access should be limited to SOES personnel and/or TSI )Tj
T*
(personnel who do not have access to the CUIS software. )Tj
T*
( )Tj
T*
(Achieving the goal of separation of duties in the software area )Tj
T*
(will require an analysis of the present situation, a plan for )Tj
T*
(realignment of activities and possibly some additional staff time. )Tj
T*
( )Tj
T*
(We estimate the cost to be 3 staff-months of analysis and planning )Tj
T*
(and one staff member quarter-time to coordinate software support )Tj
T*
(with data file access. )Tj
T*
( )Tj
0 -1.20001 TD
(We have used a salary of $30K and 100% overhead for the analysis )Tj
0 -1.2 TD
(and planning task and a grade 30 salary with 25% overhead for the )Tj
T*
(coordination tasks. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The safeguard thus has a one-time cost of 1/4 yr x 2.0 overhead x )Tj
T*
($30K/yr = $15K and a continuing cost of 1/4 yr x 1.25 overhead x )Tj
T*
($19,947/yr = $6.2K. )Tj
T*
( )Tj
T*
(The ALE should be reduced by 90% to $1.5K. )Tj
T*
( )Tj
T*
(The 5-year savings will be 3.79 x \($15k - $1.5K\) - 3.79 x $6.2K - \
)Tj
T*
($15K = $13K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.20 of Appendix B. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(74 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
657 0 obj 2967
endobj
658 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the effective separation of the development )Tj
T*
(maintenance and testing of application systems and the production )Tj
T*
(operation of those systems. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.3-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(It is possible for a single person to carry out all steps )Tj
T*
(necessary to insert a software modification into the production )Tj
T*
(CUIS system without independent review. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Organizations must employ effective measures, consistent with )Tj
T*
(their operational environment, to limit the potential for )Tj
T*
(unassisted fraud. For example, a computer console operator should )Tj
T*
(not be allowed to write programs not authorized by someone )Tj
T*
(responsible for internal control, such as the tape librarian. )Tj
T*
(Further examples of duties that should not be assigned to the same )Tj
T*
(employee at the same time are scheduling, operating, programming, )Tj
T*
(storage, and library functions; nor should employees be allowed to )Tj
T*
(perform unassigned duties that might increase the range of their )Tj
T*
(activities. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(This finding actually represents one aspect of Finding 3.3-1 )Tj
0 -1.2 TD
(above. It is listed separately because it can be addressed )Tj
T*
(separately. However, for risk analysis purposes, this finding )Tj
0 -1.20001 TD
(will be treated as part of Finding 3.3-1. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Ensure that all changes, additions and deletions to production )Tj
T*
(CUIS software are reviewed by at least one analyst not involved in )Tj
T*
(their preparation. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.3-3:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Journalization of CUIS transactions is incomplete. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(H\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Every attempt to update the data file must be logged to both the )Tj
T*
(location and the individual doing the updating. The log or the )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(75 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
659 0 obj 2914
endobj
660 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(journal must show what information was changed and the date. Such )Tj
0 -1.2 TD
(journals must be periodically reviewed: )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(To provide for full data integrity it is necessary that every data )Tj
T*
(item be traceable from its time of original entry, through all )Tj
T*
(intermediate changes up to whatever time an inquiry is made. This )Tj
T*
(means that every transaction resulting in a change to the data )Tj
T*
(item must be recorded along with the ID of the person entering it. )Tj
T*
( )Tj
T*
(This transaction journal file must be maintained for as long as it )Tj
T*
(is intended that the integrity of the related data be accountable. )Tj
T*
( )Tj
T*
(We were informed that the 10 most recent modifications to a SOES )Tj
T*
(Unemployment Insurance Bureau claim are journalized indefinitely )Tj
T*
(and that less than 1% of claims would undergo so much change that )Tj
T*
(information would be lost. )Tj
T*
( )Tj
T*
(It is our opinion that journalization should be complete. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The fact that only the 10 most recent changes are saved could be )Tj
T*
(used to hide fraudulent changes. The procedure would be to make )Tj
T*
(the fraudulent change and then make 10 legitimate changes. )Tj
T*
( )Tj
T*
(Such an approach could not be used too frequently because a )Tj
T*
(pattern of claims with excessive changes would result and might be )Tj
T*
(detected and investigated. )Tj
T*
( )Tj
T*
(This technique of suppressing journalization is one of a number of )Tj
0 -1.20001 TD
(techniques which might support fraudulent activity by software )Tj
0 -1.2 TD
(support personnel \(Finding 3.3-1\) or by claims processors \(Finding \
)Tj
T*
(3.2.1.1.2-1\). )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(A separate risk analysis of this finding would be repetitive and )Tj
T*
(has thus not been done. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for complete journalization of CUIS transactions. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(76 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
661 0 obj 3100
endobj
662 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(FINDING 3.3-4:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Restricted CUIS subsystems are protected by secret clerk numbers )Tj
T*
(coded into the software. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(12\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords must not be displayed on the video display terminals or )Tj
T*
(hardcopy devices. Ensure that computer operators, acting without )Tj
T*
(authority, are not able to display user programs or circumvent )Tj
T*
(security mechanisms. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The use of secret clerk numbers would not constitute a problem all )Tj
T*
(by itself. The coding of the secret numbers directly into )Tj
T*
(application software modules does constitute a problem, however. )Tj
T*
(It results in the need to protect the source code of those modules )Tj
T*
(much more stringently than would otherwise be required. )Tj
T*
( )Tj
T*
(It is normally necessary to protect source code from long term )Tj
T*
(access by unauthorized persons in order to prevent those persons )Tj
T*
(from becoming sufficiently familiar with the structure of the )Tj
T*
(software to plan an attack against it. )Tj
T*
( )Tj
T*
(However, secret clerk numbers can be picked out of a source code )Tj
T*
(listing very rapidly by an experienced analyst. Source code )Tj
0 -1.20001 TD
(containing such secret data must then be protected from very short )Tj
0 -1.2 TD
(term access by unauthorized parties. This of course means that )Tj
T*
(listings cannot be left unattended on desks for short periods of )Tj
0 -1.20001 TD
(time. )Tj
0 -1.2 TD
( )Tj
T*
(Whether or not it contains secret codewords, the source version of )Tj
T*
(production software should not be readable by all system users. )Tj
T*
(The privilege of reading as well as writing production source )Tj
T*
(should be restricted to those with a need to do so. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This finding concerns a weakness which could be exploited by )Tj
T*
(anyone with a knowledge of CUIS and read access to CUIS source. A )Tj
T*
(separate risk analysis of this finding would be repetitive because )Tj
T*
(of its close relationship to Finding 3.3-1. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(77 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
663 0 obj 2652
endobj
664 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Use the ACF2 Security Software to protect restricted CUIS modules )Tj
T*
(where possible. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.3-5:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The CUIS Software Support Group does not enforce periodic changes )Tj
T*
(of passwords and permits the selection of passwords with mnemonic )Tj
T*
(value. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(11\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords must be modified at periodic unannounced intervals, when )Tj
T*
(an individual changes positions, and when a security breach is )Tj
T*
(suspected. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords with mnemonic value are much more easily guessed than )Tj
T*
(random passwords. Passwords should be selected through the use of )Tj
T*
(random number generators. The resulting character strings can be )Tj
T*
(selected in such a way that they are pronounceable but should )Tj
T*
(consist of nonsense syllables only. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(This is another vulnerability which can be exploited by persons )Tj
T*
(familiar with CUIS software and data who have access to )Tj
T*
(Unemployment Insurance Bureau CRTs. The risk analysis of this )Tj
T*
(finding is contained in that of Finding 3.3-1 and is not repeated )Tj
T*
(here. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(N/A )Tj
0 -1.2 TD
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Enforce periodic changes of passwords. Do not allow the use of )Tj
T*
(passwords with mnemonic value \(other than perhaps )Tj
T*
(pronounceability\). )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.3-6:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(CUIS is not supported to the fullest extent possible by ACF2. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(78 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
665 0 obj 2754
endobj
666 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(RELATED CONTROL STANDARD 5137\(J\)\(7\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The supervisory mode of the on-line system must be limited to )Tj
T*
(terminals restricted for supervisory use, and not be available to )Tj
T*
(all terminals. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(To provide access control, secret clerk IDs have been coded into )Tj
T*
(some of the CUIS modules, a much less desirable alternative than )Tj
T*
(having system software responsible for the management and storing )Tj
T*
(of passwords. \(see Finding 3.3-4.\) )Tj
T*
( )Tj
T*
(ACF2 should be used to control access to the various capabilities )Tj
T*
(of CUIS by claims processors. )Tj
T*
( )Tj
T*
(Because this finding is closely related to Finding 3.3-1, a )Tj
T*
(separate risk analysis would be repetitive. The finding is stated )Tj
T*
(as it is here because it provides a different viewpoint for the )Tj
T*
(same problem. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Use ACF2 to serve all the security needs of online CUIS )Tj
T*
(subsystems. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.3.1 FE TEAM)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(This is the first of the three Capitaltown-based CUIS )Tj
0 -1.2 TD
(development/maintenance teams. It is responsible for the front )Tj
T*
(end \(FE\) or online claims processing software. )Tj
T*
( )Tj
T*
(We found no problems which were unique to the FE Team. Problems )Tj
T*
(common to all teams are discussed in Section 3.3 above. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.3.2 B TEAM)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This is the second of the Capitaltown-based CUIS )Tj
T*
(development/maintenance teams. It is responsible for batch \(B\) )Tj
T*
(claims processing software. )Tj
T*
( )Tj
T*
(We found no problems unique to the B team. Problems common to all )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(79 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
667 0 obj 2890
endobj
668 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(teams are discussed in Section 3.3 above. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(3.3.3 SYSTEM SUPPORT)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This is the third of the Capitaltown-based CUIS )Tj
T*
(development/maintenance teams. Because it is responsible for the )Tj
T*
(software which supports the Master Employer File, this team serves )Tj
T*
(all SOES activities, not just the Unemployment Insurance Bureau. )Tj
T*
(The team also maintains the Unemployment Insurance Bureau )Tj
T*
(disbursement profiles, the complex tables of payments which will )Tj
T*
(be authorized for each category of benefit. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4 TURNKEY SYSTEMS INC. MAIN DATA CENTER)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The TSI Main Data Center in Capitaltown serves government and )Tj
T*
(commercial customers across the State. About 20% of the center's )Tj
T*
(business is the SOES Unemployment Insurance Bureau. Other )Tj
T*
(customers include banks, retailers and other government agencies. )Tj
T*
( )Tj
T*
(The center operates two IBM 3033 mainframes, either of which can )Tj
T*
(handle the complete online CUIS load. )Tj
T*
( )Tj
T*
(The data center staff covers all functional areas involved in the )Tj
T*
(operation of a modern large-scale computer department. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(3.4.1 MAIN DATA CENTER SECURITY)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(This is a staff position reporting to the Operations Manager. The )Tj
T*
(position covers all aspects of physical security for the data )Tj
0 -1.20001 TD
(center. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.1-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(CO2 is in use in the data center as a fire suppressant. It is )Tj
T*
(potentially harmful to personnel. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(1\)\(c\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Avoid the use of carbon dioxide area extinguishing systems since )Tj
T*
(they present a significant safety hazard. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(80 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
669 0 obj 3100
endobj
670 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The CO2 for this system is stored in metal tanks in the utility )Tj
T*
(room containing the three motor-generators. It is set to )Tj
T*
(discharge under the raised floor of the main computer room. Seven )Tj
T*
(times the total amount of CO2 available would be required to )Tj
T*
(protect the entire computer room. By design, there is only enough )Tj
T*
(to protect the underfloor area. There would be no protection, )Tj
T*
(other than hand-held extinguishers against a major above-floor )Tj
T*
(fire. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES might occur through a lawsuit brought by the )Tj
T*
(estate of a person who is trapped in the data center during the )Tj
T*
(release of CO2 and suffocates. )Tj
T*
( )Tj
T*
(The AFE for such a loss is the product of two frequency estimates: \
)Tj
T*
(the estimate for fires which set off the CO2 extinguishing system )Tj
T*
(and the estimate for a person being trapped and succumbing given )Tj
T*
(that a fire breaks out and the CO2 is released. )Tj
T*
( )Tj
T*
(From national statistics in Appendix A, the AFE for a serious fire )Tj
T*
(is .01. )Tj
T*
( )Tj
T*
(Several factors have a bearing on the likelihood of a person being )Tj
T*
(trapped. The CO2 is released under the floor and because its )Tj
0 -1.20001 TD
(density is greater than that of air, will tend to stay there. The )Tj
0 -1.2 TD
(regular data center staff has been warned about the danger. )Tj
T*
( )Tj
0 -1.20001 TD
(On the other hand, the CO2 releasing system is pressurized and )Tj
0 -1.2 TD
(will thus tend to force the gas to rise above the floor. Also, )Tj
T*
(visitors are not routinely warned of the danger. )Tj
T*
( )Tj
T*
(We feel that the likelihood of a person being trapped and )Tj
T*
(suffocating under these circumstances is very small. An AFE of .001 )Tj
T*
(has been assigned. )Tj
T*
( )Tj
T*
(The loss, if it occurs, would be on the order of $1M in damage )Tj
T*
(awards and $20K in legal fees. The ALE is thus $1M x .01 x .001 = )Tj
T*
($10. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to convert the fire suppression system from CO2 )Tj
T*
(to halon 1301. Halon can be used at a level of concentration that )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(81 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
671 0 obj 2777
endobj
672 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(will extinguish fires but will not injure personnel. The cost of )Tj
0 -1.2 TD
(this is estimated at $20K. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0. )Tj
T*
( )Tj
T*
(The safeguard is not cost-effective, but some change away from CO2 )Tj
T*
(is advised. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.21 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide full flood halon protection for the entire data center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.1-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no visitor sign-in policy at the data center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(9\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Access to all EDP operations areas is to be controlled and a )Tj
T*
(record maintained of access by other than the EDP operations )Tj
T*
(personnel. \(Permanent onsite maintenance personnel and designated \
)Tj
T*
(pickup and delivery personnel are considered "operations )Tj
T*
(personnel"\). )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Records of visitor access to the data center should be recorded at )Tj
T*
(all times. Whereas regular employees are all likely to enter the )Tj
T*
(data center during normal working hours, only an access control )Tj
T*
(log can provide a complete record of visitors. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Criteria for escorting visitors should also be established. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(This finding is related to the problem of controlling physical )Tj
T*
(access to the data center. If an unauthorized person were able to )Tj
T*
(enter he could steal equipment or data and/or do damage to the )Tj
T*
(facility which would interrupt computer operations for as much as )Tj
T*
(four weeks. )Tj
T*
( )Tj
T*
(A number of other findings deal with vulnerabilities which could )Tj
T*
(lead to unauthorized access to the data center. All such findings )Tj
T*
(are assessed collectively here. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(82 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
673 0 obj 3014
endobj
674 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(The loss to SOES if this were to occur would be greatest if it led )Tj
T*
(to a disaster causing a four week shutdown of operations. The )Tj
T*
(cost of such a shutdown would be the cost of overtime necessary to )Tj
T*
(catch up after operations were restored. This cost would be 1.5 )Tj
T*
(overtime x 260 processors x $6/hr x 40 hrs/wk x 4 wks x 1.25 )Tj
T*
(overhead = $470K. )Tj
T*
( )Tj
T*
(The AFE for such an event is taken from the national statistics on )Tj
T*
(destructive acts. It is unlikely that an intruder could simply )Tj
T*
(walk into the data center without advance planning and )Tj
T*
(preparation. The existing access control vulnerabilities require )Tj
T*
(skill and daring to exploit and have led us to choose an AFE at )Tj
T*
(the low end of the range. This AFE is 1. )Tj
T*
( )Tj
T*
(The ALE is then $470K x 1 = $470K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard needed here is a tightening of data center access )Tj
T*
(controls. )Tj
T*
( )Tj
T*
(The blue badge stripe authorizing data center access should be )Tj
T*
(replaced with a more difficult to duplicate token placed entirely )Tj
T*
(under the lamination. Attempts to remove this token from a badge )Tj
T*
(should result in its mutilation. )Tj
T*
( )Tj
T*
(Records of all visitor access to the data center should be )Tj
0 -1.20001 TD
(maintained. )Tj
0 -1.2 TD
( )Tj
T*
(Requests to sign out tapes from the media library should be )Tj
0 -1.20001 TD
(validated. )Tj
0 -1.2 TD
( )Tj
T*
(The cost of these safeguards should not exceed 3-staff months to )Tj
T*
(define and plan and one staff-day per week to implement. Using a )Tj
T*
(salary level of $30K per year for planning and $18K per year for )Tj
T*
(implementation, and an overhead factor of 100% \(typical for )Tj
T*
(contractors\), the one-time cost will be 1/4 yr x \(2.0 overhead\) x \
)Tj
T*
($30K/yr = $15K. The recurring cost will be 1/5 yr x \(2.0 )Tj
T*
(overhead\) x $18K/yr = $7.2K per year. )Tj
T*
( )Tj
T*
(The ALE reduction will be about 75%. The reduced ALE will be 1/4 )Tj
T*
(x $470K = $120K. )Tj
T*
( )Tj
T*
(The 5-year savings will be \($470K - $120K\) x 3.79 - $7.2K x 3.79 - \
)Tj
T*
($15K = $1.3M. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(83 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
675 0 obj 2741
endobj
676 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(See the risk analysis worksheets in Section B.22 of Appendix B. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Implement a visitor sign-in policy for the data center. Validate )Tj
T*
(tape sign-out requests. Modify the badge token authorizing data )Tj
T*
(center access. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.1-3:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The blue ID badge stripe which authorizes data center access can )Tj
T*
(be easily forged. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the contractor's organization. )Tj
T*
(Custody and responsibility ceases at the point where the data is )Tj
T*
(turned over to the U.S. Post Office or other reliable carrier. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The blue stripe which authorizes access to the data center )Tj
T*
(consists of a piece of blue tape attached to the badge form )Tj
T*
(horizontally above the employee picture and sealed by the )Tj
T*
(lamination. )Tj
T*
( )Tj
T*
(This credential could be easily faked by placing the tape stripe )Tj
T*
(over the lamination and then placing a second laminating layer )Tj
T*
(over the first. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(See related Finding 3.4.1-2. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In place of the blue stripe, use a difficult to duplicate marking )Tj
T*
(such as an engraved design and attach it to the ID badge under the )Tj
T*
(lamination. It then becomes impossible to add or remove this )Tj
T*
(credential once a badge has been completely assembled, and the )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(84 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
677 0 obj 2874
endobj
678 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(counterfeiting process is much more difficult than before. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.1-4:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Fire protection by CO2 is provided only for the underfloor areas )Tj
T*
(of the data center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(1\)\(B\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Fire extinguishing equipment will vary in accordance with the )Tj
T*
(physical characteristics of the facility and is subject to local )Tj
T*
(regulations. After ensuring that appropriate arrangements have )Tj
T*
(been made for fire fighting assistance, management should use )Tj
T*
(either water or halon systems if area extinguishing systems are )Tj
T*
(determined to be necessary. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is covered under Finding 3.4.1-1. It is stated here )Tj
T*
(in order to bring attention to a separate aspect of the problem. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Install a full-flood halon system in the data center. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.1-5:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The key to the storage area containing blank Unemployment )Tj
0 -1.20001 TD
(Insurance Bureau benefit checks is kept on a hook near the )Tj
0 -1.2 TD
(computer console operator. The access list for the key contains )Tj
T*
(30 names. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the organization. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Access to the key should be restricted to as few people as )Tj
T*
(possible. If one person and an alternate on each shift \(regular )Tj
T*
(plus weekend\) were assigned responsibility for the key, most )Tj
T*
(situations should be covered. Adding a few higher level )Tj
T*
(supervisors to the list should take care of virtually all )Tj
T*
(circumstances. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(85 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
679 0 obj 2826
endobj
680 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(The list should not contain more than about 15 names. It should )Tj
0 -1.2 TD
(also be satisfactory to store the key in the locked wall box in )Tj
T*
(the output processing area. This area is very close to the locked )Tj
T*
(supply cage anyway, and there is little advantage to storing the )Tj
T*
(key on a hook near the console operator where it is not nearly as )Tj
T*
(well protected. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This finding relates to physical access control in the data )Tj
T*
(center. The risk analysis is presented under Finding 3.4.1-2 and )Tj
T*
(is not repeated here. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Pare down the access list for the key to the Unemployment )Tj
T*
(Insurance Bureau blank check storage area. Maintain all copies of )Tj
T*
(the key in protected or continuously monitored storage locations. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.1-6:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There are no alarms and only hand-held fire extinguishers in the )Tj
T*
(supply area adjacent to the main computer room. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(I\)\(2\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(In the computer room, install fire detection equipment that )Tj
T*
(includes alarms. The alarm systems should be capable of )Tj
0 -1.20001 TD
(indicating where the activated alarm is located. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(This problem is related to Findings 3.4.1-4 and 3.4.1-1. Because )Tj
T*
(all three findings are related, the risk analysis and cost-benefit )Tj
T*
(analysis are done only once \(under Finding 3.4.1-1\). )Tj
T*
( )Tj
T*
(The finding is stated separately here to call attention to a )Tj
T*
(different aspect of the problem. )Tj
T*
( )Tj
T*
(The supply area is the area most vulnerable to the starting of a )Tj
T*
(fire and at the same time the area least protected. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(86 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
681 0 obj 2860
endobj
682 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Upgrade the fire detection and suppression equipment in the data )Tj
T*
(center supply storage area. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.4.1-7:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(There is no smoke exhaust capability in the data center. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(P\)\(1\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Equip all computer operations areas with a smoke exhaust )Tj
T*
(capability to minimize the potential hazard to personnel, )Tj
T*
(equipment, and storage media. Equip air conditioning ductwork )Tj
T*
(systems with dampers to prevent the spread of fire, smoke or )Tj
T*
(chemical agents. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(DISCUSSION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Although portable fans are on hand for cooling down overhead )Tj
T*
(equipment and could be used for smoke exhaust purposes, no thought )Tj
T*
(has been given to the problem and no plan for exhausting smoke has )Tj
T*
(been prepared. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(A smoke exhaust system can only be used after the danger of )Tj
T*
(spreading fire has been eliminated. The system would possibly )Tj
0 -1.20001 TD
(have an effect on the chances for survival of any persons trapped )Tj
0 -1.2 TD
(in the computer center during a fire. There would be no effect on )Tj
T*
(material damages due to the fire itself. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(We see no losses to SOES due to the absence of a smoke exhaust )Tj
T*
(system. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(In spite of the $0 ALE, requirements call for a smoke exhaust )Tj
T*
(capability in all computer operations areas. )Tj
T*
( )Tj
T*
(We recommend that the effectiveness of the portable fans in )Tj
T*
(exhausting smoke be reviewed and if necessary, alternative methods )Tj
T*
(chosen. )Tj
T*
( )Tj
T*
(In all probability, it will be sufficient to draft an emergency )Tj
T*
(procedure specifying how the portable fans should be placed to )Tj
T*
(maximize their smoke exhaust capabilities. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(87 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
683 0 obj 2842
endobj
684 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(The cost of the effectiveness study and procedure preparation )Tj
T*
(should not exceed one staff-month at a salary level of $20K with )Tj
T*
(100% overhead. The cost would be 1/12 yr x 2.0 overhead x $20K/yr )Tj
T*
(= $3.7K. Although the safeguard is not directly cost effective, )Tj
T*
(it is required by the State. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in section B.23 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Formalize the use of portable fans for exhausting smoke. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.4.2 SYSTEMS SOFTWARE)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This group provides support for the operating system, all IBM )Tj
T*
(program products and other proprietary software packages. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.2-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(There is no provision for the real-time on-line reporting of )Tj
T*
(incorrect password usage attempts to a security officer. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(5\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(For on-line systems, limit the number of sign-on attempts and, )Tj
T*
(when the limit is exceeded, generate an alert to the individual )Tj
T*
(responsible for on-line security. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Without on-line reporting of incorrect password entry attempts, it )Tj
T*
(is difficult if not impossible to catch computer system intruders. \
)Tj
0 -1.20001 TD
(An audit trail of all sign-ons, successful or not, would aid in )Tj
0 -1.2 TD
(identifying persons who perform unauthorized activities on the )Tj
T*
(computer system. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This problem is similar in effect to Finding 3.2.1.2.3-1 in that )Tj
T*
(it allows attempts at unauthorized access to CUIS to go )Tj
T*
(undetected. This weakness has been accounted for in the AFE )Tj
T*
(selection made under that finding. The risk analysis is not )Tj
T*
(repeated here. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(88 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
685 0 obj 2780
endobj
686 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the online reporting of incorrect password entry )Tj
T*
(attempts. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.4.3 ONLINE APPLICATIONS)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This group currently provides no support to SOES Unemployment )Tj
T*
(Insurance Bureau operations. The group does maintain the ODCS )Tj
T*
(security subsystem which is not but could be used to protect that )Tj
T*
(portion of CUIS originally designed to operate under ODCS \(as )Tj
T*
(opposed to CICS\). ODCS is the On-line Data Communications System, \
)Tj
T*
(a predecessor to CICS designed and developed by Turnkey Systems, )Tj
T*
(Inc. \(TSI\). )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.4.4 TECH SUPPORT/RTI DIVISION)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This division provides technical assistance to operations and )Tj
T*
(System Engineers \(SEs\) in the field. It also operates a run-time \
)Tj
0 -1.20001 TD
(improvement \(RTI\) program by reviewing PROCS for optimum coding )Tj
0 -1.2 TD
(and assists new data center accounts with their processing. )Tj
T*
( )Tj
0 -1.20001 TD
(About 15% of this division's activities are in support of the SOES )Tj
0 -1.2 TD
(Unemployment Insurance Bureau. )Tj
T*
( )Tj
T*
(The ACF2 Security Software is this division's responsibility. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.4-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The data center has no policy requiring periodic changes to )Tj
T*
(passwords. Users are allowed to specify their own passwords. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(J\)\(11\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Passwords must be modified at periodic unannounced intervals, when )Tj
T*
(an individual changes positions, and when a security breach is )Tj
T*
(suspected. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(89 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
687 0 obj 2820
endobj
688 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(DISCUSSION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(The TSI data center supports a number of corporate customers who )Tj
T*
(process sensitive information. It would thus be wise to require )Tj
T*
(these customers to observe a certain amount of procedural )Tj
T*
(discipline for their own protection. )Tj
T*
( )Tj
T*
(A major part of this discipline would be to require periodic )Tj
T*
(changes of passwords and random selection of passwords. )Tj
T*
( )Tj
T*
(This finding is related to Finding 3.3-1 and the risk analysis and )Tj
T*
(cost-benefit analysis are not repeated here. The purpose of this )Tj
T*
(finding is to point out the separate responsibilities of the CUIS )Tj
T*
(Software Support Group and the TSI Main Data Center to provide for )Tj
T*
(the security of their operations. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(The data center should require the use of randomly generated )Tj
T*
(passwords which are changed at least once a year. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.4.5 DATA MANAGEMENT DIVISION)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(This division is responsible for tape library operations and the )Tj
T*
(Mini Computer Group. )Tj
T*
( )Tj
/T1_3 1 Tf
T*
(3.4.5.1 TAPE LIBRARY)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(The tape library is responsible for all aspects of tape operations )Tj
0 -1.2 TD
(and management. The Tape Library Management System \(TLMS\) )Tj
T*
(provides support in this area. )Tj
0 -1.20001 TD
( )Tj
/T1_1 1 Tf
0 -1.2 TD
(FINDING 3.4.5.1-1:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(No authorization checks are made when tapes are signed out from )Tj
T*
(the tape library. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the contractor's organization. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(90 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
689 0 obj 2995
endobj
690 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(When an individual attempts to sign out a tape from the tape )Tj
T*
(library, the only check made on his authority to do so is to )Tj
T*
(ensure that he has an ID badge with the blue stripe indicating )Tj
T*
(data center access. This of course does not identify him in any )Tj
T*
(way as the owner of the tape. Also, as discussed in Finding )Tj
T*
(3.4.1-3, the blue stripe is simple to forge. Thus anyone with a )Tj
T*
(SOES picture badge could remove a tape from the library without )Tj
T*
(too much effort. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Loss to SOES because of this problem could occur in a number of )Tj
T*
(ways. A stolen tape could cause a processing delay of up to a day )Tj
T*
(while the backup was being fetched and updated. A stolen tape )Tj
T*
(could be modified for purposes of fraud on a compatible computer )Tj
T*
(system and then replaced in the library. A stolen tape could be )Tj
T*
(used by an individual for activities in violation of the State )Tj
T*
(Privacy act which would leave SOES vulnerable to lawsuits for not )Tj
T*
(providing proper protection for such data. )Tj
T*
( )Tj
T*
(The latter scenarios described above lead to the largest loss )Tj
T*
(potentials. We set the loss potential at $100K. )Tj
T*
( )Tj
T*
(The AFE of .006 is taken from the low end of the frequency scale )Tj
T*
(for fraud and abuse because of the effort required to exploit this )Tj
0 -1.20001 TD
(vulnerability. )Tj
0 -1.2 TD
( )Tj
T*
(The ALE is $100K x .006 = $600. )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to validate sign-out requests. This can be done )Tj
T*
(with negligible additional cost by verifying that the tape owner )Tj
T*
(is either making or has authorized the sign-out request. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0. )Tj
T*
( )Tj
T*
(The savings will be $600 per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.24 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Release tapes only to their owners or to persons authorized in )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(91 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
691 0 obj 3111
endobj
692 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(writing by the owners. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.5.1-2:)Tj
/T1_3 1 Tf
( )Tj
T*
( )Tj
T*
(Non-production tapes are scratched automatically when the )Tj
T*
(retention date is reached. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(C\)\(6\):)Tj
/T1_3 1 Tf
( )Tj
T*
( )Tj
T*
(Routines that modify the status volume serial number of a file )Tj
T*
(must be controlled. This means the authority to scratch, or )Tj
T*
(rename a file must be limited and controlled. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_3 1 Tf
( )Tj
T*
( )Tj
T*
(Owners of tapes should be notified of approaching scratch dates so )Tj
T*
(that they can be assured of an opportunity to request an )Tj
T*
(extension. It is too easy to lose track of retention dates )Tj
T*
(especially when dealing with a large number of tapes. )Tj
T*
( )Tj
T*
(The Tape Library Management System \(TLMS\) could automatically )Tj
T*
(prepare for each owner a list of tapes owned and the corresponding )Tj
T*
(retention dates. Such a list could be prepared periodically \(e.g. \
)Tj
T*
(monthly\). The owners could then indicate any retention date )Tj
T*
(changes and return the list to the library for action. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(NOTE:)Tj
/T1_3 1 Tf
( This is not a problem with CUIS )Tj
/T1_2 1 Tf
(production)Tj
/T1_3 1 Tf
( )Tj
T*
(tapes. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_3 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES in this case would be the cost of regenerating )Tj
0 -1.20001 TD
(the contents of a tape scratched accidentally. The problem could )Tj
0 -1.2 TD
(result not only from the rigid observance of retention dates but )Tj
T*
(also from mismounts and other mistakes. It is unlikely that a )Tj
0 -1.20001 TD
(production data file would be scratched in this manner because )Tj
0 -1.2 TD
(most such files are on disk and production tape files have )Tj
T*
(indefinite retention. Accidents are possible, however. )Tj
T*
( )Tj
T*
(The average tape is 9-track, 2400 feet long, and contains 1,600 )Tj
T*
(bytes per inch. If full, the tape would contain 1,600 bytes/in x )Tj
T*
(12 in/ft x 1,200 ft = 23M bytes, allowing half the length of the )Tj
T*
(tape for inter-record gaps containing no data. )Tj
T*
( )Tj
T*
(In the worst case, no backup will exist and the entire contents of )Tj
T*
(the tape will have to be key-entered. An experienced data entry )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(92 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
693 0 obj 2947
endobj
694 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(clerk can key 90 words per minute. At 5 characters \(or bytes\) per \
)Tj
0 -1.2 TD
(word on the average, this is the equivalent of 5 bytes/word x 90 )Tj
T*
(words/min x 60 min/hr = 27K bytes/hr. )Tj
T*
( )Tj
T*
(Approximately 23M/27K = 850 hours would be required for the data )Tj
T*
(entry at a cost of not more than $6/hr x 850 hrs x 1.25 overhead = )Tj
T*
($6.4K. )Tj
T*
( )Tj
T*
(No statistics were available on the number of tapes scratched )Tj
T*
(accidentally at the Main Data Center. National statistics predict )Tj
T*
(a range of 12 to 24 accidental scratches per year. )Tj
T*
( )Tj
T*
(Using the lower end of the range, we select an AFE of 12. We also )Tj
T*
(recognize that backup tapes might exist, but not more than half )Tj
T*
(the time because private \(i.e. non-production\) tapes are most )Tj
T*
(susceptible and these are not likely to have backups in more than )Tj
T*
(50% of the cases. )Tj
T*
( )Tj
T*
(The ALE is $6.4K x .5 x 12 = $38K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to consult the owner prior to scratching tapes. )Tj
T*
(The TLMS system is capable of producing inventory lists by owner )Tj
T*
(with retention dates. Each tape owner's list should be sent to )Tj
T*
(him for review once per month to indicate any needed retention date )Tj
T*
(changes. )Tj
T*
( )Tj
0 -1.20001 TD
(The cost would be one man-day per month maximum on the part of )Tj
0 -1.2 TD
(tape library personnel. At a salary of $18K with 100% overhead, )Tj
T*
(the cost would be \(1/2\) yr x $18K/yr x 2.0 overhead = $3K. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The ALE would be reduced by 75%. The remaining 25% of )Tj
T*
(inappropriate scratches would be done accidentally. )Tj
T*
( )Tj
T*
(The reduced ALE is .25 x $38K = $9.5K. )Tj
T*
( )Tj
T*
(The savings will be \($38K - $9.5K\) - $1.7K = $27K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.25 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Consult tape owners prior to scratching tapes whose retention )Tj
T*
(dates have passed. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.4.5.1-3:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(93 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
695 0 obj 2863
endobj
696 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(Tapes are not degaussed after scratching and prior to reuse. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(M\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(SECURE DISPOSAL - Dispose of all retired, discarded or unneeded )Tj
T*
(sensitive data in a way that makes it impossible for unauthorized )Tj
T*
(personnel to obtain it. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Because tapes are not degaussed prior to reuse and because they )Tj
T*
(are not reserved for use by individual data center customers, it )Tj
T*
(is possible for one customer to scavenge another customer's old )Tj
T*
(data by requesting a scratch tape and reading it before writing )Tj
T*
(it. )Tj
T*
( )Tj
T*
(Scavenging of tapes within a single customer organization is also )Tj
T*
(a potentially serious problem. In this situation a resourceful )Tj
T*
(but unprincipled SOES employee might simply browse through old )Tj
T*
(tapes until he located something useful or interesting such as the )Tj
T*
(source listing of a CUIS module containing an access code or an )Tj
T*
(old wage record tape. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES caused by the failure to degauss scratched tapes )Tj
T*
(would seem to be a secondary effect. The person who detects )Tj
T*
(something of interest on a scratched tape would then have to make )Tj
T*
(use of what he finds. He might find employer numbers and )Tj
T*
(addresses and use them on phoney claims. He might find CUIS )Tj
T*
(source code containing an access password and attempt to gain )Tj
0 -1.20001 TD
(unauthorized access to that part of CUIS. )Tj
0 -1.2 TD
( )Tj
T*
(The effects of this vulnerability are accounted for in the other )Tj
0 -1.20001 TD
(findings of this report. The risk analyses are not repeated here. )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(N/A )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Degauss all scratch tapes prior to reissue. )Tj
T*
( )Tj
T*
(3.4.5.2 MINI COMPUTER GROUP )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(94 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
697 0 obj 707
endobj
698 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67424 Tm
( )Tj
0 -1.2 TD
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(104 of \
104\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
699 0 obj 2864
endobj
700 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This group manages the operation of several mini computers. Only )Tj
T*
(one of these, the Downline Loading System \(DLS\), is operated in )Tj
T*
(support of the Unemployment Insurance Bureau. The DLS is used to )Tj
T*
(send system software modifications directly to the Threeville Data )Tj
T*
(Center from Capitaltown so that on-site SE support requirements at )Tj
T*
(Threeville can be held to a minimum. Testing of the Threeville )Tj
T*
(system can also be done from Capitaltown via the DLS. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.4.6 ONLINE/RJE DIVISION )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Online/RJE Division is responsible for teleprocessing )Tj
T*
(hardware, and network operations. With respect to the )Tj
T*
(Unemployment Insurance Bureau, the division initializes CUIS each )Tj
T*
(morning and assures that all data files are open and operable. It )Tj
T*
(also receives calls from the field. Performance-related problems )Tj
T*
(are dealt with either directly or through outside support. Other )Tj
T*
(types of problems are referred to the appropriate group. )Tj
T*
( )Tj
T*
(3.4.7 OUTPUT CONTROL DIVISION: )Tj
T*
( )Tj
0 -1.20001 TD
(The division is responsible for data and forms control, the )Tj
0 -1.2 TD
(operation of conventional and laser printers and the distribution )Tj
T*
(of output. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(We found no problems with the practices and procedures of this )Tj
T*
(division. )Tj
T*
( )Tj
T*
(3.5 ACCOUNTING SERVICES )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This department is responsible for all accounting activities at )Tj
T*
(SOES including bank account management, fund reconciliation, the )Tj
T*
(handling of returned and recouped funds and the disbursement of )Tj
T*
(claim payments. )Tj
T*
( )Tj
T*
(3.5.1 PROGRAMS ACCOUNTING )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(95 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
701 0 obj 2937
endobj
702 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
( )Tj
0 -1.2 TD
(This office handles the accounting for the Unemployment Insurance )Tj
T*
(Bureau program as well as other SOES programs. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDINGS 3.5.1-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Secure areas used by the Programs Accounting Department have walls )Tj
T*
(which do not extend to the true ceiling. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(19\):)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Provide for the secure storage of all media containing sensitive )Tj
T*
(data when it is not in use. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The Accounting Department uses one locked storeroom to hold blank )Tj
T*
(check stock, a second locked room for the occasional overnight )Tj
T*
(storage of printed and signed checks and a third room \(the Cash )Tj
T*
(Receiving area\) for the storage of checks returned by the Postal )Tj
T*
(Service as undeliverable. )Tj
T*
( )Tj
T*
(All three of these rooms have walls which extend only as far as the )Tj
T*
(dropped ceiling tiles. It is a trivial matter to lift out ceiling )Tj
T*
(tiles and climb over the false wall into the storage area. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The easiest way to take advantage of this vulnerability would be )Tj
T*
(to climb over the wall into the Cash Receiving area \(or break down \
)Tj
T*
(the upper half of the Dutch door which is secured only by a single )Tj
T*
(sliding bar latch\) and steal some checks that were returned by the \
)Tj
0 -1.20001 TD
(Postal Service due to incorrect addresses. There is a large )Tj
0 -1.2 TD
(number of these checks on file and some are for amounts in the )Tj
T*
($10K range. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(These large checks are usually tax refunds sent to employers who )Tj
T*
(move all or part of their operations out of state and take most of )Tj
T*
(the affected employees with them. If done properly, the theft )Tj
T*
(will not be detected until the checks clear the bank or possibly )Tj
T*
(later. )Tj
T*
( )Tj
T*
(The loss to SOES might be as much as $100K. )Tj
T*
( )Tj
T*
(The frequency estimate, taken from the low end of the range for )Tj
T*
(theft, is 1 per year. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(96 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
703 0 obj 2827
endobj
704 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(The ALE is $100K x 1 = $100K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to extend the walls of all storage areas to the )Tj
T*
(true ceiling and to alarm all doors and windows leading to these )Tj
T*
(areas. )Tj
T*
( )Tj
T*
(The cost will be no more than $2K per room. For 3 rooms the total )Tj
T*
(would be $6K. )Tj
T*
( )Tj
T*
(The ALE will be reduced by 50% to $50K. The reduction will not be )Tj
T*
(greater because the returned checks are still susceptible to theft )Tj
T*
(by employees of the Cash Receiving Unit. In Finding 3.5.1-2, a )Tj
T*
(second safeguard will be proposed to eliminate the remaining ALE. )Tj
T*
( )Tj
T*
(The 5-year savings will be \($100K - $50K\) x 3.79 - $6K = $184K. )Tj
T*
( )Tj
T*
(See risk analysis worksheets in Section B.26 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Extend the walls of all secure storage areas to meet the true )Tj
T*
(ceiling and alarm the doors and windows leading to these areas. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.5.1-2:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Benefit checks returned to SOES are not batched and present an )Tj
0 -1.2 TD
(easy target for abuse. )Tj
T*
( )Tj
/T1_2 1 Tf
0 -1.20001 TD
(RELATED CONTROL STANDARD 5137\(N\)\(1\):)Tj
/T1_1 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(All Unemployment Insurance Bureau assets and related operations )Tj
T*
(must be secured against unauthorized access; this includes )Tj
T*
(sensitive data in transit within the organization. Custody and )Tj
T*
(responsibility ceases at the point where the data is turned over )Tj
T*
(to the U.S. Post Office or other reliable carrier. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Benefit checks returned as undeliverable by the Postal service are )Tj
T*
(easily recognized by mailroom personnel because of the distinctive )Tj
T*
(envelopes in which they are sent out. )Tj
T*
( )Tj
T*
(They are sent unopened and unbatched to the Cash Receiving area. )Tj
T*
(It would be a simple matter for a mailroom clerk or a cash )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(97 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
705 0 obj 2906
endobj
706 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(receiving clerk to remove some of the checks and attempt to cash )Tj
0 -1.2 TD
(them or sell them to a fence. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This finding is similar to the previous finding in that the )Tj
T*
(targeted asset is the same. In the present situation, the threat )Tj
T*
(agent will have no obstacle \(such as false walls\) to overcome )Tj
T*
(because as a Cash Receiving employee he has access to the returned )Tj
T*
(checks on a regular basis. )Tj
T*
( )Tj
T*
(On the other hand, such an employee would be more vulnerable to )Tj
T*
(detection than an outsider who could disappear without his )Tj
T*
(identity ever becoming known. )Tj
T*
( )Tj
T*
(We do not feel that this finding increases the ALE due to )Tj
T*
(misappropriation of returned checks in Finding 3.5.1-1. )Tj
T*
( )Tj
T*
(The ALE is thus $50K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The main issue of this finding is the lack of controls which would )Tj
T*
(lead to the immediate detection of a missing check. )Tj
T*
( )Tj
T*
(Although the finding does not lead to an increased ALE, it does )Tj
T*
(suggest a means of eliminating the $50K ALE remaining from Finding )Tj
T*
(3.5.1-1. If returned checks are destroyed immediately and then )Tj
T*
(reissued if and when the recipient's correct address comes to )Tj
T*
(light, the entire problem of returned checks will be eliminated. )Tj
T*
( )Tj
T*
(The cost of this safeguard will be a half hour per day for )Tj
0 -1.20001 TD
(batching the returned checks in the mailroom and zero additional )Tj
0 -1.2 TD
(time for Cash Receiving to place the checks in a secure container )Tj
T*
(for disposal instead of in a file cabinet. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(Using the salary of a grade QC mailroom clerk, this cost will be )Tj
T*
(1/2 hr/day x 5 days/wk x 52 wks/yr x $6.76/hr x 1.25 overhead = )Tj
T*
($1.1K. )Tj
T*
( )Tj
T*
(The ALE will be reduced to $0 from $50K. )Tj
T*
( )Tj
T*
(The savings will be \($50K - $1.1K\) = $49K per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.27 of Appendix B. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(98 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
707 0 obj 2698
endobj
708 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(RECOMMENDATION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(Batch returned checks in the mailroom prior to sending them to )Tj
T*
(Cash Receiving. Then destroy the checks after generating the )Tj
T*
(necessary accounting records. )Tj
T*
( )Tj
T*
(3.6 LEGAL AFFAIRS )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Legal Affairs provides contracting assistance to the Unemployment )Tj
T*
(Insurance Bureau, monitors federal legislation for Unemployment )Tj
T*
(Insurance Bureau-related issues and serves as a source of )Tj
T*
(information for opposing legal counsel in court cases. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.7 CONSUMER AFFAIRS )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Consumer Affairs processes VIP queries relating to the )Tj
T*
(Unemployment Insurance Bureau and monitors claimant litigation in )Tj
T*
(order to protect SOES's interests. )Tj
T*
( )Tj
T*
(We found no problems with the practices or procedures of this )Tj
T*
(unit. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(3.8 GENERAL AUDIT )Tj
T*
( )Tj
/T1_1 1 Tf
0 -1.20001 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_2 1 Tf
( )Tj
0 -1.2 TD
( )Tj
T*
(General Audit is responsible for all Headquarters financial audit )Tj
T*
(activities and reports to the Assistant Director for Management. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(FINDING 3.8-1:)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(When an audit is to be conducted, advance notice is given to the )Tj
T*
(affected department. )Tj
T*
( )Tj
/T1_1 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(10\):)Tj
/T1_2 1 Tf
( )Tj
T*
( )Tj
T*
(Supervisors have certain responsibilities for the security and )Tj
T*
(integrity of data in their work area. They must be instructed to )Tj
T*
(monitor the activities of the visitors to the work area \(including \
)Tj
T*
(company employees from other work areas\), and to ensure that )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(99 of 1\
04\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
709 0 obj 2725
endobj
710 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(functions of the unit are performed only by employees formally )Tj
0 -1.2 TD
(assigned to the unit. Supervisors should have procedures for )Tj
T*
(handling questionable activities. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Normally only one day advance notice is given. This would be more )Tj
T*
(than sufficient time for an embezzler to remove any incriminating )Tj
T*
(records or complete any cover-up activities. )Tj
T*
( )Tj
T*
(It is our position that records to be examined in an audit should )Tj
T*
(be secured by the auditors with absolutely no advance notice )Tj
T*
(whatsoever. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The loss to SOES in this situation would be due to a failure to )Tj
T*
(detect and recoup misappropriated funds. )Tj
T*
( )Tj
T*
(The loss potential is estimated at $100K. )Tj
T*
( )Tj
T*
(The AFE of .006 is selected from the lower end of the range for )Tj
T*
(fraud and abuse. The AFE is modified by a factor of .5 to allow )Tj
T*
(for the possibility that the perpetrator will not learn of the )Tj
T*
(impending audit and fail to cover his tracks in time. )Tj
T*
( )Tj
T*
(The ALE is $100K x .006 x .5 = $300. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to initiate all audits on a surprise basis and )Tj
T*
(collect all records to be reviewed immediately after announcing )Tj
0 -1.20001 TD
(the audit to the affected department. )Tj
0 -1.2 TD
( )Tj
T*
(The cost of this safeguard is $0. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The ALE will be reduced by 90% to $30. In the other 10% of cases, )Tj
T*
(the perpetrator will not be vulnerable to an audit at the critical )Tj
T*
(time when records are collected. )Tj
T*
( )Tj
T*
(The savings will be $270 per year. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.28 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(100 of \
104\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
711 0 obj 2622
endobj
712 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
(As a matter of policy, give no notice of impending audit activity )Tj
0 -1.2 TD
(to the affected departments. )Tj
T*
( )Tj
T*
(3.9 PLANS AND RESEARCH )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This department develops broad goals and objectives for all SOES )Tj
T*
(activities. It monitors each area of activity and provides )Tj
T*
(feedback when necessary. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(department. )Tj
T*
( )Tj
T*
(3.10 PERSONNEL ADMINISTRATION )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This department is responsible for hiring, salary administration, )Tj
T*
(employee relations, labor union negotiations and all other aspects )Tj
T*
(of personnel administration. )Tj
T*
( )Tj
T*
(3.10.1 COMPENSATION AND BENEFITS )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This office is responsible for ensuring a competitive salary )Tj
T*
(structure at SOES. It also administers the employee benefits )Tj
0 -1.20001 TD
(program and conducts union wage negotiations. Position )Tj
0 -1.2 TD
(classification, performance appraisals and coordination of )Tj
T*
(personnel activities in the eastern half of the state are other )Tj
0 -1.20001 TD
(areas of involvement. )Tj
0 -1.2 TD
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.10.2 EMPLOYEE/LABOR RELATIONS )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This office assists in union negotiations, formulates labor )Tj
T*
(relations policy, ensures SOES compliance with the union contract )Tj
T*
(and performs related duties as directed. )Tj
T*
( )Tj
T*
(We found no problem with the practices and procedures of this )Tj
T*
(office. )Tj
T*
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(101 of \
104\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
713 0 obj 2597
endobj
714 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 753.67419 Tm
(3.10.3 EMPLOYEE SELECTION/DEVELOPMENT )Tj
0 -1.2 TD
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This office determines the needs of SOES in the area of employee )Tj
T*
(development and sets up programs to satisfy those needs. It also )Tj
T*
(plans and directs employment activities and runs the EEO program. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(office. )Tj
T*
( )Tj
T*
(3.11 GENERAL SERVICES )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(General Services is responsible for all matters concerning )Tj
T*
(physical facilities, incoming and outgoing mail, the procurement )Tj
T*
(of goods and services, word processing, reproduction, the )Tj
T*
(headquarters telephone switchboard and forms management. )Tj
T*
( )Tj
T*
(3.11.1 FACILITIES )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Facilities is responsible for all matters concerning the SOES )Tj
T*
(physical plant including leases, guard service, fire protection, )Tj
T*
(etc. )Tj
T*
( )Tj
T*
(We found no problems with the practices and procedures of this )Tj
T*
(unit. )Tj
T*
( )Tj
T*
(3.11.2 MAIL AND DISTRIBUTION )Tj
0 -1.20001 TD
( )Tj
/T1_2 1 Tf
0 -1.2 TD
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
0 -1.20001 TD
(Mail and distribution receives, sorts and distributes incoming )Tj
0 -1.2 TD
(mail from the Postal Service and other carriers. It also )Tj
T*
(processes outgoing mail. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(FINDING 3.11.2-1:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The storeroom used by the Mail and Distribution Department has )Tj
T*
(walls which do not extend to the true ceiling as well as unalarmed )Tj
T*
(exterior windows. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RELATED CONTROL STANDARD 5137\(N\)\(9\):)Tj
/T1_1 1 Tf
( )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(102 of \
104\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
715 0 obj 2656
endobj
716 0 obj<>stream
/Artifact <>BDC
0 0 0 rg
0 i
BT
/T1_0 1 Tf
0 Tc 0 Tw 0 Ts 100 Tz 0 Tr 8.36066 0 0 8.36066 18 780.6552 Tm
(Attachment to UIPL 42-87, Change 1)Tj
ET
EMC
/Article <>BDC
q
0 18 612 756 re
W* n
BT
/T1_1 1 Tf
13.00546 0 0 13.00546 9.28961 755.33545 Tm
( )Tj
0 -1.2 TD
(Provide for the secure storage of all media containing sensitive )Tj
T*
(data when it is not in use. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(DISCUSSION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(This is another instance of the problem discussed in Finding )Tj
T*
(3.5.1-1. In this case, the storage room has walls which do not )Tj
T*
(extend to the true ceiling and unalarmed windows. The room is )Tj
T*
(used to store 5 to 10 Unemployment Insurance Bureau benefit checks )Tj
T*
(overnight once or twice per week. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RISK ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The checks stored in this room could be stolen. An insider would )Tj
T*
(wait until one or more large checks were to be stored overnight. )Tj
T*
(The average value of a check is about $200. A large check might )Tj
T*
(be worth $5K to $10K. We set the loss potential at $10K for the )Tj
T*
(worst case. )Tj
T*
( )Tj
T*
(The AFE of 1 is taken from the low end of the range for theft. )Tj
T*
( )Tj
T*
(The ALE is $10K x 1 = $10K. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(SUGGESTED SAFEGUARDS AND COST-BENEFIT ANALYSIS:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(The safeguard is to alarm the door and windows in this room and to )Tj
T*
(extend the walls to the true ceiling. The cost will not exceed )Tj
0 -1.20001 TD
($2K. )Tj
0 -1.2 TD
( )Tj
T*
(The ALE will be reduced to $0. )Tj
0 -1.20001 TD
( )Tj
0 -1.2 TD
(The 5-year savings will be 3.79 x \($10K - $0\) - $2K = $36K. )Tj
T*
( )Tj
T*
(See the risk analysis worksheets in Section B.29 of Appendix B. )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(RECOMMENDATION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Extend the walls of the storeroom to meet the true ceiling and )Tj
T*
(alarm its door and exterior windows. )Tj
T*
( )Tj
T*
(3.11.3 MATERIEL SERVICES )Tj
T*
( )Tj
/T1_2 1 Tf
T*
(BACKGROUND AND INTRODUCTION:)Tj
/T1_1 1 Tf
( )Tj
T*
( )Tj
T*
(Materiel Services is responsible for all purchasing, warehousing )Tj
T*
(and records storage within SOES. )Tj
ET
EMC
/Artifact <>BDC
Q
BT
/T1_0 1 Tf
8.36066 0 0 8.36066 18 7.6552 Tm
(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm \(103 of \
104\)3/7/2008 8:06:47 AM)Tj
ET
EMC
endstream
endobj
717 0 obj(Attachment to UIPL 42-87, Change 1)
endobj
718 0 obj<>
endobj
719 0 obj(http://www.ows.doleta.gov/dmstree/uipl/uipl87/uipl_4287c1a.htm)
endobj
720 0 obj(2$mım{?)
endobj
721 0 obj<>
endobj
722 0 obj<>
endobj
723 0 obj(?\)fK[z~1;˄)
endobj
724 0 obj<>
endobj
725 0 obj<>stream
State Employment Security Agency (SESA) Internal Security Risk Analysis Technical Assistance Guide
endstream
endobj
xref
1 3
0000025117 00000 n
0000025245 00000 n
0000025323 00000 n
6 4
0000025549 00000 n
0000025615 00000 n
0000025717 00000 n
0000025780 00000 n
11 2
0000025835 00000 n
0000026064 00000 n
17 1
0000026114 00000 n
19 1
0000026320 00000 n
38 1
0000026563 00000 n
44 5
0000026595 00000 n
0000026651 00000 n
0000026708 00000 n
0000026765 00000 n
0000026850 00000 n
50 676
0000027043 00000 n
0000027064 00000 n
0000030307 00000 n
0000030528 00000 n
0000030552 00000 n
0000030761 00000 n
0000030785 00000 n
0000031020 00000 n
0000031044 00000 n
0000031299 00000 n
0000031330 00000 n
0000031583 00000 n
0000031794 00000 n
0000031818 00000 n
0000032067 00000 n
0000032091 00000 n
0000032324 00000 n
0000032348 00000 n
0000032472 00000 n
0000032518 00000 n
0000032727 00000 n
0000032751 00000 n
0000032960 00000 n
0000032984 00000 n
0000033193 00000 n
0000033217 00000 n
0000033427 00000 n
0000033522 00000 n
0000033617 00000 n
0000033641 00000 n
0000033851 00000 n
0000033875 00000 n
0000034085 00000 n
0000034171 00000 n
0000034264 00000 n
0000034358 00000 n
0000034379 00000 n
0000036681 00000 n
0000036705 00000 n
0000036915 00000 n
0000036936 00000 n
0000039683 00000 n
0000039707 00000 n
0000039929 00000 n
0000040020 00000 n
0000040041 00000 n
0000042979 00000 n
0000043003 00000 n
0000043048 00000 n
0000043271 00000 n
0000043366 00000 n
0000043388 00000 n
0000046956 00000 n
0000046981 00000 n
0000047193 00000 n
0000047215 00000 n
0000049702 00000 n
0000049727 00000 n
0000049951 00000 n
0000049973 00000 n
0000053040 00000 n
0000053065 00000 n
0000053277 00000 n
0000053299 00000 n
0000056294 00000 n
0000056319 00000 n
0000056531 00000 n
0000056553 00000 n
0000059850 00000 n
0000059875 00000 n
0000060087 00000 n
0000060187 00000 n
0000060209 00000 n
0000063337 00000 n
0000063362 00000 n
0000063586 00000 n
0000063608 00000 n
0000066662 00000 n
0000066687 00000 n
0000066899 00000 n
0000066921 00000 n
0000070032 00000 n
0000070057 00000 n
0000070281 00000 n
0000070303 00000 n
0000073711 00000 n
0000073736 00000 n
0000073960 00000 n
0000073982 00000 n
0000079797 00000 n
0000079822 00000 n
0000080046 00000 n
0000080147 00000 n
0000080169 00000 n
0000083223 00000 n
0000083248 00000 n
0000083460 00000 n
0000083482 00000 n
0000086739 00000 n
0000086764 00000 n
0000086988 00000 n
0000087010 00000 n
0000090141 00000 n
0000090166 00000 n
0000090378 00000 n
0000090400 00000 n
0000093508 00000 n
0000093533 00000 n
0000093757 00000 n
0000093779 00000 n
0000096896 00000 n
0000096921 00000 n
0000097145 00000 n
0000097246 00000 n
0000097268 00000 n
0000100071 00000 n
0000100096 00000 n
0000100320 00000 n
0000100342 00000 n
0000102747 00000 n
0000102772 00000 n
0000102984 00000 n
0000103006 00000 n
0000106024 00000 n
0000106049 00000 n
0000106273 00000 n
0000106295 00000 n
0000109012 00000 n
0000109037 00000 n
0000109249 00000 n
0000109271 00000 n
0000112172 00000 n
0000112197 00000 n
0000112433 00000 n
0000112534 00000 n
0000112556 00000 n
0000115268 00000 n
0000115293 00000 n
0000115341 00000 n
0000115565 00000 n
0000115587 00000 n
0000118340 00000 n
0000118365 00000 n
0000118577 00000 n
0000118599 00000 n
0000121289 00000 n
0000121314 00000 n
0000121526 00000 n
0000121548 00000 n
0000124233 00000 n
0000124258 00000 n
0000124482 00000 n
0000124504 00000 n
0000127056 00000 n
0000127081 00000 n
0000127305 00000 n
0000127406 00000 n
0000127428 00000 n
0000130233 00000 n
0000130258 00000 n
0000130470 00000 n
0000130492 00000 n
0000133406 00000 n
0000133431 00000 n
0000133655 00000 n
0000133677 00000 n
0000136561 00000 n
0000136586 00000 n
0000136810 00000 n
0000136832 00000 n
0000139421 00000 n
0000139446 00000 n
0000139658 00000 n
0000139680 00000 n
0000142451 00000 n
0000142476 00000 n
0000142688 00000 n
0000142789 00000 n
0000142811 00000 n
0000145803 00000 n
0000145828 00000 n
0000146040 00000 n
0000146062 00000 n
0000148761 00000 n
0000148786 00000 n
0000149010 00000 n
0000149032 00000 n
0000151931 00000 n
0000151956 00000 n
0000152180 00000 n
0000152202 00000 n
0000155104 00000 n
0000155129 00000 n
0000155353 00000 n
0000155375 00000 n
0000158004 00000 n
0000158029 00000 n
0000158241 00000 n
0000158342 00000 n
0000158364 00000 n
0000161072 00000 n
0000161097 00000 n
0000161309 00000 n
0000161409 00000 n
0000161506 00000 n
0000161528 00000 n
0000164281 00000 n
0000164306 00000 n
0000164530 00000 n
0000164552 00000 n
0000167095 00000 n
0000167120 00000 n
0000167332 00000 n
0000167354 00000 n
0000169747 00000 n
0000169772 00000 n
0000169984 00000 n
0000170006 00000 n
0000172663 00000 n
0000172688 00000 n
0000172912 00000 n
0000173013 00000 n
0000173035 00000 n
0000175552 00000 n
0000175577 00000 n
0000175801 00000 n
0000175823 00000 n
0000178567 00000 n
0000178592 00000 n
0000178816 00000 n
0000178838 00000 n
0000181487 00000 n
0000181512 00000 n
0000181736 00000 n
0000181758 00000 n
0000184623 00000 n
0000184648 00000 n
0000184872 00000 n
0000184894 00000 n
0000187408 00000 n
0000187433 00000 n
0000187645 00000 n
0000187746 00000 n
0000187768 00000 n
0000190417 00000 n
0000190442 00000 n
0000190654 00000 n
0000190676 00000 n
0000193280 00000 n
0000193305 00000 n
0000193517 00000 n
0000193539 00000 n
0000196171 00000 n
0000196196 00000 n
0000196408 00000 n
0000196430 00000 n
0000199283 00000 n
0000199308 00000 n
0000199532 00000 n
0000199554 00000 n
0000202387 00000 n
0000202412 00000 n
0000202779 00000 n
0000202821 00000 n
0000203045 00000 n
0000203146 00000 n
0000203168 00000 n
0000205772 00000 n
0000205797 00000 n
0000206021 00000 n
0000206043 00000 n
0000208784 00000 n
0000208809 00000 n
0000209021 00000 n
0000209043 00000 n
0000211421 00000 n
0000211446 00000 n
0000211670 00000 n
0000211692 00000 n
0000214085 00000 n
0000214110 00000 n
0000214334 00000 n
0000214356 00000 n
0000216867 00000 n
0000216892 00000 n
0000217104 00000 n
0000217205 00000 n
0000217227 00000 n
0000219684 00000 n
0000219709 00000 n
0000219933 00000 n
0000219955 00000 n
0000222911 00000 n
0000222936 00000 n
0000223148 00000 n
0000223170 00000 n
0000225657 00000 n
0000225682 00000 n
0000225894 00000 n
0000225916 00000 n
0000228410 00000 n
0000228435 00000 n
0000228647 00000 n
0000228669 00000 n
0000231145 00000 n
0000231170 00000 n
0000231382 00000 n
0000231483 00000 n
0000231505 00000 n
0000234186 00000 n
0000234211 00000 n
0000234423 00000 n
0000234523 00000 n
0000234545 00000 n
0000237368 00000 n
0000237393 00000 n
0000237605 00000 n
0000237627 00000 n
0000240250 00000 n
0000240275 00000 n
0000240487 00000 n
0000240509 00000 n
0000242949 00000 n
0000242974 00000 n
0000243186 00000 n
0000243208 00000 n
0000245735 00000 n
0000245760 00000 n
0000245984 00000 n
0000246085 00000 n
0000246107 00000 n
0000248762 00000 n
0000248787 00000 n
0000249011 00000 n
0000249033 00000 n
0000251704 00000 n
0000251729 00000 n
0000251941 00000 n
0000251963 00000 n
0000255039 00000 n
0000255064 00000 n
0000255276 00000 n
0000255298 00000 n
0000258183 00000 n
0000258208 00000 n
0000258420 00000 n
0000258442 00000 n
0000261619 00000 n
0000261644 00000 n
0000261856 00000 n
0000261957 00000 n
0000261979 00000 n
0000264549 00000 n
0000264574 00000 n
0000264786 00000 n
0000264808 00000 n
0000267418 00000 n
0000267443 00000 n
0000267655 00000 n
0000267677 00000 n
0000270234 00000 n
0000270259 00000 n
0000270471 00000 n
0000270493 00000 n
0000273236 00000 n
0000273261 00000 n
0000273485 00000 n
0000273507 00000 n
0000275802 00000 n
0000275827 00000 n
0000276051 00000 n
0000276152 00000 n
0000276174 00000 n
0000278571 00000 n
0000278596 00000 n
0000278820 00000 n
0000278842 00000 n
0000281375 00000 n
0000281400 00000 n
0000281612 00000 n
0000281634 00000 n
0000284377 00000 n
0000284402 00000 n
0000284626 00000 n
0000284648 00000 n
0000287068 00000 n
0000287093 00000 n
0000287305 00000 n
0000287327 00000 n
0000289984 00000 n
0000290009 00000 n
0000290221 00000 n
0000290322 00000 n
0000290344 00000 n
0000292728 00000 n
0000292753 00000 n
0000292965 00000 n
0000292987 00000 n
0000295504 00000 n
0000295529 00000 n
0000295922 00000 n
0000296432 00000 n
0000296644 00000 n
0000296666 00000 n
0000299135 00000 n
0000299160 00000 n
0000299372 00000 n
0000299394 00000 n
0000301897 00000 n
0000301922 00000 n
0000302134 00000 n
0000302156 00000 n
0000304641 00000 n
0000304666 00000 n
0000304879 00000 n
0000304980 00000 n
0000305002 00000 n
0000307425 00000 n
0000307450 00000 n
0000307663 00000 n
0000307771 00000 n
0000307793 00000 n
0000310256 00000 n
0000310281 00000 n
0000310494 00000 n
0000310516 00000 n
0000313154 00000 n
0000313179 00000 n
0000313392 00000 n
0000313414 00000 n
0000316168 00000 n
0000316193 00000 n
0000316406 00000 n
0000316428 00000 n
0000319018 00000 n
0000319043 00000 n
0000319244 00000 n
0000319353 00000 n
0000319375 00000 n
0000321881 00000 n
0000321906 00000 n
0000321928 00000 n
0000324435 00000 n
0000324457 00000 n
0000327037 00000 n
0000327059 00000 n
0000329529 00000 n
0000329551 00000 n
0000332100 00000 n
0000332122 00000 n
0000334463 00000 n
0000334485 00000 n
0000336852 00000 n
0000336874 00000 n
0000339138 00000 n
0000339160 00000 n
0000341399 00000 n
0000341421 00000 n
0000343719 00000 n
0000343810 00000 n
0000343832 00000 n
0000346550 00000 n
0000346572 00000 n
0000349729 00000 n
0000349751 00000 n
0000353088 00000 n
0000353110 00000 n
0000357090 00000 n
0000357112 00000 n
0000360011 00000 n
0000360033 00000 n
0000363511 00000 n
0000363533 00000 n
0000366939 00000 n
0000366961 00000 n
0000370669 00000 n
0000370691 00000 n
0000374230 00000 n
0000374252 00000 n
0000377718 00000 n
0000377740 00000 n
0000381263 00000 n
0000381285 00000 n
0000385105 00000 n
0000385127 00000 n
0000391361 00000 n
0000391383 00000 n
0000394849 00000 n
0000394871 00000 n
0000398540 00000 n
0000398562 00000 n
0000402105 00000 n
0000402127 00000 n
0000405647 00000 n
0000405669 00000 n
0000409198 00000 n
0000409220 00000 n
0000412435 00000 n
0000412457 00000 n
0000415274 00000 n
0000415296 00000 n
0000418726 00000 n
0000418748 00000 n
0000421877 00000 n
0000421899 00000 n
0000425212 00000 n
0000425234 00000 n
0000428358 00000 n
0000428380 00000 n
0000431545 00000 n
0000431567 00000 n
0000434669 00000 n
0000434691 00000 n
0000437788 00000 n
0000437810 00000 n
0000440774 00000 n
0000440796 00000 n
0000444013 00000 n
0000444035 00000 n
0000447361 00000 n
0000447383 00000 n
0000450679 00000 n
0000450701 00000 n
0000453702 00000 n
0000453724 00000 n
0000456907 00000 n
0000456929 00000 n
0000460340 00000 n
0000460362 00000 n
0000463473 00000 n
0000463495 00000 n
0000466806 00000 n
0000466828 00000 n
0000470142 00000 n
0000470164 00000 n
0000473205 00000 n
0000473227 00000 n
0000476347 00000 n
0000476369 00000 n
0000479534 00000 n
0000479556 00000 n
0000482511 00000 n
0000482533 00000 n
0000485338 00000 n
0000485360 00000 n
0000488429 00000 n
0000488451 00000 n
0000491380 00000 n
0000491402 00000 n
0000494558 00000 n
0000494580 00000 n
0000497641 00000 n
0000497663 00000 n
0000500940 00000 n
0000500962 00000 n
0000503888 00000 n
0000503910 00000 n
0000506971 00000 n
0000506993 00000 n
0000510009 00000 n
0000510031 00000 n
0000513075 00000 n
0000513097 00000 n
0000516362 00000 n
0000516384 00000 n
0000519629 00000 n
0000519651 00000 n
0000522667 00000 n
0000522689 00000 n
0000525842 00000 n
0000525864 00000 n
0000528654 00000 n
0000528676 00000 n
0000531481 00000 n
0000531503 00000 n
0000534426 00000 n
0000534448 00000 n
0000537317 00000 n
0000537339 00000 n
0000540707 00000 n
0000540729 00000 n
0000543628 00000 n
0000543650 00000 n
0000546556 00000 n
0000546578 00000 n
0000549466 00000 n
0000549488 00000 n
0000552581 00000 n
0000552603 00000 n
0000555838 00000 n
0000555860 00000 n
0000558895 00000 n
0000558917 00000 n
0000561769 00000 n
0000561791 00000 n
0000564730 00000 n
0000564752 00000 n
0000567819 00000 n
0000567841 00000 n
0000570924 00000 n
0000570946 00000 n
0000574434 00000 n
0000574456 00000 n
0000577753 00000 n
0000577775 00000 n
0000581364 00000 n
0000581386 00000 n
0000584368 00000 n
0000584390 00000 n
0000587412 00000 n
0000587434 00000 n
0000590403 00000 n
0000590425 00000 n
0000593580 00000 n
0000593602 00000 n
0000596309 00000 n
0000596331 00000 n
0000599140 00000 n
0000599162 00000 n
0000602107 00000 n
0000602129 00000 n
0000605284 00000 n
0000605306 00000 n
0000608138 00000 n
0000608160 00000 n
0000611229 00000 n
0000611251 00000 n
0000614047 00000 n
0000614069 00000 n
0000616998 00000 n
0000617020 00000 n
0000619901 00000 n
0000619923 00000 n
0000622838 00000 n
0000622860 00000 n
0000625757 00000 n
0000625779 00000 n
0000628614 00000 n
0000628636 00000 n
0000631511 00000 n
0000631533 00000 n
0000634583 00000 n
0000634605 00000 n
0000637771 00000 n
0000637793 00000 n
0000640795 00000 n
0000640817 00000 n
0000643735 00000 n
0000643756 00000 n
0000644518 00000 n
0000644540 00000 n
0000647459 00000 n
0000647481 00000 n
0000650473 00000 n
0000650495 00000 n
0000653377 00000 n
0000653399 00000 n
0000656360 00000 n
0000656382 00000 n
0000659135 00000 n
0000659157 00000 n
0000661937 00000 n
0000661959 00000 n
0000664636 00000 n
0000664658 00000 n
0000667310 00000 n
0000667332 00000 n
0000670043 00000 n
0000670096 00000 n
0000670272 00000 n
0000670353 00000 n
0000670388 00000 n
0000671315 00000 n
0000671368 00000 n
0000671404 00000 n
0000671531 00000 n
trailer
<]/Prev 23962 >>
startxref
674929
%%EOF