GAO: Agencies Should Apply Risk Mgmt, Cybersecurity Practices

Jeff Brody

The Government Accountability Office has listed 58 recommendations to help agencies implement key practices in their respective risk management and cybersecurity initiatives. The recommendations include coordination with the secretary of the Department of Homeland Security, development of a risk management process document, facilitation of organization-wide security assessments and modernization of risk evaluation policies, GAO said in a report published Thursday

GAO found that while 22 agencies have assigned cybersecurity risk executives, none of them were able to integrate risk management and security processes to their programs. Additionally, GAO noted a number of gaps in creating risk management programs including employee retention, lack of quality risk data and non-consistency in applying security policies.

The agency also reported that DHS and the Office of Management and Budget did not address management gaps amid an issued executive order in 2017. GAO conducted the review to secure federal agencies' data from potential cyberattacks.

Check Also

GSA

GSA Looks to Expand Agency Engagements for CoE Program; David Peters Quoted

The General Services Administration (GSA) is working to expand its Centers of Excellence (CoE) initiative to agency partners beyond the Department of Agriculture (USDA), Office of Personnel Management (OPM) and Department of Housing and Urban Development (HUD).