The Government Accountability Office has listed 58 recommendations to help agencies implement key practices in their respective risk management and cybersecurity initiatives. The recommendations include coordination with the secretary of the Department of Homeland Security, development of a risk management process document, facilitation of organization-wide security assessments and modernization of risk evaluation policies, GAO said in a report published Thursday.
GAO found that while 22 agencies have assigned cybersecurity risk executives, none of them were able to integrate risk management and security processes to their programs. Additionally, GAO noted a number of gaps in creating risk management programs including employee retention, lack of quality risk data and non-consistency in applying security policies.
The agency also reported that DHS and the Office of Management and Budget did not address management gaps amid an issued executive order in 2017. GAO conducted the review to secure federal agencies' data from potential cyberattacks.