From: FEDweek
The DHS inspector general has issued a management advisory report, consisting of a guide for assessing cybersecurity within the IG community.
The guide comes out of the Council of the Inspectors General on Integrity and Efficiency Cybersecurity Working Group, and while its focus is on the IG community, the guide could be a useful tool others might use to informally assess IT operations.
The high-level guide is based on the subject matter expertise of DHS IG IT audit managers and specialists, legal research, and a review of applicable websites and audit programs developed within the OIG community.
The guide outlines cybersecurity roles and responsibilities, covers cybersecurity policies and guidance for evaluating critical IT security controls, and includes guidance regarding the use of vulnerability assessments and penetration testing that IG audit organizations can perform to evaluate the effectiveness of the system security and access controls implemented.
Additional sections cover information security continuous monitoring and cloud computing, program steps for evaluating an agency’s cybersecurity program and initiatives, and program steps for conducting information system security-related audits and evaluations.
Leave a Reply