Sunday, April 5, 2020


Commerce Needs to Improve Its Capability to Effectively Share Cyber Threat Information

In an audit to determine the capabilities and practices of the Commerce Department to carry out cybersecurity information sharing, consistent with the Cybersecurity Information Sharing Act of 2015, the agency’s Office of Inspector General found that: The department lacked an internal automated sharing capability, resulting in a tedious manual process to ingest or share cyber […]

Information Security: Review of GAO’s Program and Practices for Fiscal Year 2019

The GAO’s Office of Inspector General did an assessment of the agency’s compliance with Federal Information Security Modernization Act requirements, which it uses as a model despite not being subject to the law. The OIG found that GAO has defined an information security program that is generally aligned with FISMA; however, it identified several opportunities […]

DHS Needs to Improve Cybersecurity Workforce Planning

The DHS Office of Inspector General reports that the agency has not fully met requirements in the Cybersecurity Workforce Assessment Act to assess its...

Critical Infrastructure Protection: Actions Needed to Address Significant Cybersecurity Risks Facing the Electric Grid,...

GAO was asked to review the cybersecurity of the grid. Among other things, this report (1) describes the cybersecurity risks facing the grid, (2) assesses the extent to which DOE has defined a strategy for addressing grid cybersecurity risks, and (3) assesses the extent to which FERC-approved standards address grid cybersecurity risks. GAO found that […]

Management of Cybersecurity Activities at a Department of Energy Site

In January 2019, the Department of Energy Office of Inspector General initiated a review to determine whether the selected DOE location had effectively managed its cybersecurity program. OIG identified issues of such serious concern that it issued a management alert notifying cognizant officials of the need for immediate action to address these risks. The preliminary […]

Episodes of Non-Adherence to Privacy and Security Policies at the Tibor Rubin VA Medical...

The Veterans’ Affairs Office of Inspector General conducted an inspection in response to episodes of non-adherence to policies on patient information privacy and security at the Tibor Rubin VA Medical Center in Long Beach, California. After a VA computer update, a facility diagnostic device no longer interfaced with VHA patients’ electronic health records. To continue […]

Cybersecurity: Agencies Need to Fully Establish Risk Management Programs and Address Challenges

Key practices for establishing an agency-wide cybersecurity risk management program include designating a cybersecurity risk executive, developing a risk management strategy and policies to facilitate risk-based decisions, assessing cyber risks to the agency, and establishing coordination with the agency’s enterprise risk management program. Although the 23 agencies GAO reviewed almost always designated a risk executive, […]

GAO: Agencies and OMB Need to Strengthen Policies and Practices

The GAO reports that during fiscal year 2018, many federal agencies were often not adequately or effectively implementing their information security policies and practices. For example, most of the 16 agencies GAO selected for review had deficiencies related to implementing the eight elements of an agency-wide information security program required by the Federal Information Security […]

Information Technology: Implementation of GAO Recommendations Would Strengthen Federal Agencies’ Acquisitions, Operations, and Cybersecurity...

The GAO found that the OMB and federal agencies have taken steps to improve the management of IT acquisitions and operations and ensure federal cybersecurity through a series of initiatives. As of June 2019, federal agencies had fully implemented 60 percent of the 1,277 IT management-related recommendations that GAO has made to them since fiscal […]

Inadequate Management of Active Directory Puts USPTO’s Mission at Significant Cyber Risk

The Commerce Department’s Office of Inspector General reports that the Patent and Trademark Office has inadequately managed its Active Directory security database, and it has poorly protected its critical IT assets hosting the directory. It concluded that these deficiencies put the USPTO’s ability to accomplish its mission at significant risk. The directory management problems included […]