Focusing on Data Security Controls Will Not Provide the Most Robust Protection Against Data Breaches
Since the U.S. government is recognized as a superpower when it comes to cyber warfare, many observers also believe these capabilities extend to the security posture of its agencies and IT infrastructures. Especially because the federal government has developed several innovative security frameworks that are used in many industries outside of the public sector. These include the Department of Homeland Security’s Continuous Diagnostic and Mitigation (CDM) Program, the National Institute of Standards and Technology (NIST) Cybersecurity Framework, and recently published draft version of a Cybersecurity Maturity Model by the Department of Defense.
Reality, however, paints a very different picture of the state of cyber security within the federal government. According to the 2019 Verizon Data Breach Investigations Report, the government sector has experienced more data breaches than all other industries. Considering the sensitivity of data that is being exfiltrated via cyber-espionage or by state-affiliated actors, these breaches pose a serious threat to economic and national security. Adding to these concerns are the recent findings in a report (PDF) by the Government Accountability Office that identified major shortcomings in IT infrastructure security and risk management practices across some 23 U.S. federal agencies. So why do federal agencies lack proper cyber hygiene despite the US government’s track record of innovation in cyber security best practices?
Given the bureaucratic environment within federal agencies it isn't surpr ..
Support the originator by clicking the read the rest link below.
