Effective cybersecurity requires any organization -- whether a private sector company, a non-profit, or an agency at the state, local, or Federal level--to identify, prioritize, and manage cyber risks across its enterprise. These cyber risks can manifest themselves in many ways, including the increasingly sophisticated techniques that threat actors use to compromise systems, the operation of outdated and unsupported IT [Information Technology], or the malicious links and email attachments that can infect unsuspecting users' machines with malware. The recent government-wide cybersecurity risk assessment process conducted by OMB [Office of Management and Budget], in coordination with the DHS, confirms the need to take bold approaches to improve Federal cybersecurity. This Risk Report captures the results of the aforementioned government-wide risk assessment process, which examined agencies' ability to identify, detect, respond, and if necessary, recover from cyber intrusions, in accordance with Executive Order 13800. The actions discussed in this report aim to improve government-wide governance processes and implement cybersecurity capabilities'commensurate with risk and magnitude of the harm'that the compromise of a Federal information system and information would entail.
展开▼