Agencies Need to Improve Cyber Incident Response Practices

Editor’s Note: GAO report GAO-14-354, “Information Security: Agencies Need to Improve Cyber Incident Response Practices” is available here. Below are GAO’s Recommendations.

From: GAO

To improve the effectiveness of governmentwide cyber incident response activities, we recommend that the Director of OMB and Secretary of Homeland Security address agency incident response practices governmentwide, in particular through CyberStat meetings, such as emphasizing the recording of key steps in responding to an incident. To improve the effectiveness of cyber incident response activities, we are making 25 recommendations to six selected agencies to improve their cyber incident response programs.

We recommend that the Secretary of Energy:

  • revise policies for incident response to include requirements for defining the incident response team’s level of authority, prioritizing the severity ratings of incidents based on impact and establishing measures of performance;
  • revise the department’s incident response plan to include metrics for measuring the incident response capability and its effectiveness;
  • develop incident response procedures that provide instructions for containing incidents and revise procedures for incident response to prioritize the handling of incidents by impact;
  • fully test the department’s incident response capability; and
  • establish clear requirements to ensure the department’s incident response personnel are trained.

We recommend that the Attorney General of the United States:

  • revise policies for incident response by including requirements for defining the incident response team’s level of authority, and prioritizing the severity ratings of incidents for unclassified systems, based on impact;
  • revise the department’s incident response plan to include quantifiable metrics for measuring the incident response capability and its effectiveness;
  • develop incident response procedures that provide instructions for prioritizing the handling of incidents by impact; and
  • ensure that all components test their incident response capability.

We recommend that the Secretary of Transportation:

  • revise policies for incident response by including requirements for prioritizing the severity ratings of incidents based on impact and establishing measures of performance;
  • revise the department’s incident response plan to include senior management’s approval, and metrics for measuring the incident response capability and its effectiveness;
  • develop incident response procedures that provide instructions for prioritizing the handling of incidents by impact; and
  • test the department’s incident response capability.

We recommend that the Secretary of Housing and Urban Development:

  • finalize policies for incident response and include in those policies requirements for prioritizing the severity ratings of incidents and establishing measures of performance;
  • develop a departmentwide incident response plan that includes, among other elements, senior management’s approval, and metrics for measuring the incident response capability and its effectiveness;
  • revise procedures for incident response to prioritize the handling of incidents by impact; and
  • test the department’s incident response capability.

We recommend that the Administrator of the National Aeronautics and Space Administration:

  • revise policies for incident response by including requirements for establishing measures of performance;
  • revise the agency’s incident response plan to include metrics for measuring the incident response capability and its effectiveness;
  • test the agency’s incident response capability; and
  • establish clear requirements for training the agency’s incident response personnel.

We recommend that the Secretary of Veterans Affairs:

  • revise policies for incident response by including requirements for defining the incident response team’s level of authority, and establishing measures of performance;
  • revise the department’s incident response plan to include metrics for measuring the incident response capability and its effectiveness;
  • test the department’s incident response capability; and
  • train the department’s incident response personnel per the agency’s requirements.

To improve the cyber incident response assistance provided to federal agencies, we recommend that the Secretary of Homeland Security:

  • establish measures to evaluate the effectiveness of the cyber incident assistance it provides to agencies.
