The U.S. GAO (Government Accountability Office) conducted an audit of 24 federal agencies (covering 2013-2014) that revealed weaknesses in security practices, requiring remediation and a strengthening of cybersecurity based on past recommendations and requirements.
• Problems in securing access controls or prevalent inappropriate access
• Configuration management issues in ensuring software or updates are properly tested
• Over 50% allowed excessive access or had SOD (segregation of duties) issues
• 75% did not have continuity planning to address disruptive events
• None had an agency-wide security program to identify, resolve and manage risks
The report also looked back through 2006, which showed consistent trends of increased security incidents; in some cases, totals of compromised personal information doubled. In cases such as the breach of 21.5 million sensitive personal information records at the OPM federal agency, a 30-Day Cybersecurity Sprint was enacted in June 2015 to immediately tighten policies and patch vulnerabilities in order to help improve security posture. Additionally, there was a call to implement security plans and to address identified risks and remediation in accordance with FISMA (Federal Information Security Management Act of 2002). Hence, it's 2015 and almost 2/3 of the agencies had not assessed risks at this point. Numbers show agencies' spending on cybersecurity has been relatively flat, from $12 million in 2010, highest in 2012 at $14.6, lowest in 2013 at $10.3 and $12.7 million in 2014.
by the numbers...