How good is your agency's incident response?
- By William Jackson
- Aug 25, 2014
As in any job, in cybersecurity it’s the paperwork that gets you. In a recent study, the Government Accountability Office found that agencies are doing an incomplete job in documenting their response to security incidents.
The GAO studied a sample of 40 incidents in fiscal 2012 at six agencies to get a statistical picture of overall practices at 24 major executive branch agencies. In about 65 percent of the cases, it found that incident response activities were not fully documented.
Most agencies identified the scope of the incident, but often did not demonstrate that they knew the impact of it. Other responses, such as actions to prevent recurrence of an incident, often were not shown. Each of the agencies studied had some type of an incident response plan, but none was comprehensive.
The Office of Management and Budget and the Department of Homeland Security oversee agencies’ cybersecurity activities, but neither had addressed incident response practices in their CyberStat reviews.
These shortfalls come at a time of increasing rates of cyber incidents at agencies, from 34,840 in fiscal 2012 to 46,160 in fiscal 2013.
The study does not necessarily mean that agencies are not doing a good job in their cybersecurity and incident response, but without a plan for documenting it, it is difficult to say how good a job is being done.
William Jackson is freelance writer and the author of the CyberEye blog.