The Federal Information Security Management Act requires federal agencies to implement certain procedures and policies to detect and respond to security incidents. With its audit, the OIG will determine whether HHS has “sufficiently implemented incident response capabilities to safeguard the department’s information technology systems and data.”
“Incidents involving cybersecurity and privacy threats, such as malware, malicious user activity and vulnerabilities associated with highly interconnected technology require a skilled and rapid response to reduce their likelihood and to reduce or mitigate loss or destruction of data, loss of funds, loss of productivity and damage to the agency’s reputation,” the work plan states.
The OIG expects to issue its results in 2018.
More articles on cybersecurity:
11 cybersecurity terms to know
42.4% of Americans willing to give up alcohol to ensure cybersecurity