Author: United States. Government Accountability Office
Publisher: Nova Science Pub Incorporated
Cyber analysis and warning capabilities are critical to thwarting computer-based (cyber) threats and attacks. The Department of Homeland Security (DHS) established the United States Computer Emergency Readiness Team (US-CERT) to, among other things, co-ordinate the nation's efforts to prepare for, prevent, and respond to cyber threats to systems and communications networks. The authors' objectives were to (1) identify key attributes of cyber analysis and warning capabilities, (2) compare these attributes with US-CERT's current capabilities to identify whether there are gaps, and (3) identify US-CERT's challenges to developing and implementing key attributes and a successful national cyber analysis and warning capability. To address these objectives, the authors identified and analysed related documents, observed operations at numerous entities, and interviewed responsible officials and experts.
Cyber analysis and warning capabilities are critical to thwarting computer-based (cyber) threats and attacks. The Dept. of Homeland Security (DHS) established the U.S. Computer Emergency Readiness Team (US-CERT) to, among other things, coordinate the nation¿s efforts to prepare for, prevent, and respond to cyber threats to systems and communications networks. This report: (1) identifies key attributes of cyber analysis and warning capabilities; (2) compares these attributes with US-CERT¿s current capabilities to identify whether there are gaps; and (3) identifies US-CERT¿s challenges to developing and implementing key attributes and a successful national cyber analysis and warning capability. Includes recommendations. Illus.
by United States. Government Accountability Office
Federal laws and policy have assigned important roles and responsibilities to the Dept. of Homeland Security (DHS) and the Nat. Inst. of Standards and Tech. (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure -- much of which is owned by the private sector -- and securing its own computer systems, while NIST is responsible for developing standards and guidelines for implementing security controls over information and information systems. This report describes cybersecurity efforts at DHS and NIST -- including partnership activities with the private sector -- and the use of cybersecurity performance metrics in the fed. gov¿t. Table and graphs.
Computer security by United States. Congress. House. Committee on Science and Technology (2007). Subcommittee on Technology and Innovation
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the fed. government. In recent months, fed. officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the U.S.; and press accounts have reported attacks on the Web sites of government agencies. This statement describes: (1) cyber threats to fed. information systems and cyber-based critical infrastructures; (2) control deficiencies at fed. agencies that make these systems and infrastructures vulnerable to cyber threats; and (3) opportunities that exist for improving fed. cybersecurity.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the fed. gov¿t. Many nation states, terrorist networks, and organized criminal groups have the capability to target elements of the U.S. info. infrastructure for intelligence collection, intellectual property theft, or disruption. The dependence of fed. agencies on info. systems to carry out essential, everyday operations can make them vulnerable to an array of cyber-based risks. This statement describes: (1) cyber threats to fed. info. systems and cyber-based critical infrastructures; (2) control deficiencies that make fed. systems vulnerable to those threats; and (3) opportunities that exist for improving fed. cybersecurity.
Recent cyber attacks demonstrate the potentially devastating impact these pose to our nation¿s computer systems and to the fed. operations and critical infrastructures that they support. They also highlight that we need to be vigilant against individuals and groups with malicious intent, such as criminals, terrorists, and nation-states perpetuating these attacks. The Dept. of Homeland Security (DHS) is the focal point for coordinating cybersecurity, including responsibility for protecting systems that support critical infrastructures, a practice commonly referred to as cyber critical infrastructure protection. This report summarizes key reports and associated recommendations aimed at securing our nation¿s cyber critical infrastructure.
Pervasive and sustained computer-based (cyber) attacks against federal and private-sector infrastructures pose a potentially devastating impact to systems and operations and the critical infrastructures that they support. Congress and the Executive Branch, including the new administration, have taken actions to examine the adequacy of Pres. Bush¿s strategy and identify areas for improvement. This report summarizes: (1) key reports and recommendations on the national cyber-security strategy; and (2) the views of experts on how to strengthen the strategy. The auditor conducted panel discussions with key cyber-security experts to solicit their views on areas for improvement. Illustrations.
This up-to-the-minute guide helps you become more proactive and meet the growing demand for integrated audit services in the 21st century. Wide-ranging in scope, Information Technology Audits offers expert analysis, practical tools, and real-world techniques designed to assist in preparing for and performing integrated IT audits. Written by a seasoned auditor with more than 22 years of IT audit experience, Information Technology Audits provides the first practical, hands-on look at how organizations use and control information to meet business objectives, and offers strategies to assess whether the company's controls adequately protect its information systems. Practice aids are available on a free companion CD-ROM.
This is a print on demand edition of a hard to find publication. To address pervasive computer-based (cyber) attacks against the U.S. that posed potentially devastating impacts to systems and operations, the fed. gov¿t. has developed policies and strategies intended to combat these threats. A key development was in Feb. 2009, when Pres. Obama initiated a review of the government's overall strategy and supporting activities with the aim of assessing U.S. policies and structures for cybersecurity. The resulting policy review report issued in May 2009 provided 24 near- and mid-term recommendations to address these threats. This report assessed the implementation status of the 24 recommendations. This report analyzed the policy review report and assessed agency documentation. Charts and tables.
To reduce the threat to federal systems and operations posed by cyber attacks on the U.S., the Office of Management and Budget (OMB) launched, in Nov. 2007, the Trusted Internet Connections (TIC) initiative, and later, in 2008, the Dept. of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS), operationally known as Einstein, became mandatory for federal agencies as part of TIC. For each of these initiatives, this report: (1) identified their goals, objectives, and requirements; (2) determined the status of actions federal agencies have taken, or plan to take, to implement the initiatives; and (3) identified any benefits, challenges, and lessons learned. Includes recommendations. Charts and tables.
The first in a series of reviews of various countries' risk management policies, this review identifies areas of good practice in Norway's policies for information security, as well as areas where improvements could be made.