This publication and the abstract below were published by The White House in May 2018. ICIT strongly encourages you to visit The White House to search for additional information security resources, which are freely available.
Federal Cybersecurity Risk Determination Report and Action Plan
Effective cybersecurity requires any organization — whether a private sector company, a non-profit, or an agency at the state, local, or Federal level — to identify, prioritize, and manage cyber risks across its enterprise. These cyber risks can manifest themselves in many ways, including the increasingly sophisticated techniques that threat actors use to compromise systems, the operation of outdated and unsupported IT, or the malicious links and email attachments that can infect unsuspecting users’ machines with malware. The recent government-wide cybersecurity risk assessment process conducted by OMB, in coordination with the DHS, confirms the need to take bold approaches to improve Federal cybersecurity.
This Risk Report captures the results of the aforementioned government-wide risk assessment process, which examined agencies’ ability to identify, detect, respond, and if necessary, recover from cyber intrusions, in accordance with Executive Order 13800. The actions discussed in this report aim to improve government-wide governance processes and implement cybersecurity capabilities “commensurate with risk and magnitude of the harm” that the compromise of a Federal information system and information would entail.