Spring break has come for students, but report cards will fly as Office of Management and Budget (OMB) issued cyber security report cards that graded different federal agencies for their cyber security efforts in 2015. As a result, only one agency, the General Service Administration, got an A grade (91 out of 100) out of the 24 large federal agencies that are evaluated. This is a significant decrease from 2014 where eight agencies got an A grade.
While getting a top score is now the priority, The Hill enumerates three important aspects in grading cyber security agencies.
Modernize Data Collection Process
Data collection should be modernized by the government. Compared to other companies, the governments’ data collection is still very you. Security officers in different business tend to give security metrics and evaluation to their executives in real time. Using that technique, the executives will know what they lack and what other functions they need to adjust accordingly to create a strong security system. Unlike the OMB which uses a manual collection of data that makes evaluation longer and adjustments slower.
Data Collection Accuracy
With its slow data collection, it may prove that accuracy is also lacking. There are different factors that are evaluated inaccurately such as how threats are being detected or how are they prevented. Automated recording of data is recommended to increase accuracy.
Useful Metrics
Different metrics are used to evaluate a certain agency. Metrics such as Malware Detection can be evaluated, but more useful and intuitive metrics should be used such as the time from the initial breach to the resolution of the problem.