A recent report out of the DHS's Inspector General's office raises concerns that the Department of Homeland Security is still not taking adequate precautions to protect sensitive information. From the article at Federal Computing Weekly:

“Procedural and operational issues, however, remain regarding the effectiveness of the implementation of the department’s intelligence security program and system controls,” the report said. “Furthermore, the department has not yet fully addressed the issues and recommendations that we reported in fiscal year 2006.”

What I find alarming is that the Inspector General's report recommends, as a solution, security awareness training! From the actual report:

To better manage and execute the responsibilities regarding the department’s information technology security program for its intelligence systems, we recommended that the Under Secretary for Intelligence and Analysis, through the Director, Information Sharing and Knowledge Management, issue formal guidance for the department’s intelligence activities and establish an information systems’ security education, training, and awareness program for intelligence personnel.

Sorry Charlie, an information security education program does not make information secure. Technology, policies, procedures, and enforcement do that. With a heavy emphasis on technology. If "intelligence personnel" are walking away from their terminals without logging out, implement proximity sensors. If they are forgetting to hit the "encrypt" key on emails, deploy a DLP solution that knows when to encrypt. Or encrypt everything.

If the Under Secretary for Intelligence and Analysis (Charles E. Allen) issues formal guidance to DHS on user awareness training, the net impact will be zero and next year the Inspector General will be issuing yet another disappointing report.