The Department of Defense could be using an overly optimistic approach to assessing cyber risk on many of its IT programs, according to the Government Accountability Office.
In a report published on Wednesday, the oversight agency said it had found at least 10 instances, across the major business IT programs it audited, in which independent assessments conducted by the DOD underestimated the level of cybersecurity risk.
The office has recommended that the DOD review how it conducts risk assessments across its IT program and warned that until it does so, the department's oversight of systems could be proving over-optimistic.
IT programs that the GAO says should be categorized as having elevated risk levels include the DOD's defense travel system, business accounting and management system, logistics chain management systems, and the Marine Corps' global combat support system.
GAO's review also found challenges in DOD's implementation of agile software practices. Among the concerns raised by the report were the inability of the department to hire the requisite staff and to manage the technical environments that are needed for agile software development.
The department has been trying to update its software practices to include agile development, which follows the principle of iterating and quickly updating code, and replaces the traditional waterfall method of IT development.