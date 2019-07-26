(@FahadShabbir)

WASHINGTON (UrduPoint News / Sputnik - 26th July, 2019) Seventeen US government agencies have fallen short in establishing cybersecurity risk management strategies needed to protect personal data from hackers, the General Accountability Office said in a report.

The report was especially critical of the Office of Management and Budget (OMB) and the Department of Homeland Security (DHS), the Primary agencies responsible for managing cybersecurity throughout the US Federal government.

"OMB and DHS did not establish initiatives to address the other challenges on managing conflicting priorities, establishing and implementing consistent policies, developing risk management strategies, and incorporating cyber risks into ERM [Enterprise Risk Management]," the report said on Thursday.

Without additional guidance or assistance from OPM and DHS, agencies throughout the federal government "will likely continue to be hindered in managing cybersecurity risks," the report added.

None of 23 agencies surveyed has fully incorporated agency risk management practices, including 17 agencies that have not fully established agency- and system-level policies for assessing, responding to, and monitoring risk, according to the report.

The report included 58 recommendations divided among government agencies, including the OPM, the source of one of the nation's most spectacular data breaches.

In June 2015, OPM discovered that the background investigation records of more than 20 million current, former and prospective federal government employees and contractors had been stolen, reportedly by Chinese hackers.

The stolen data also identified friends and neighbors interviewed during background checks for security clearances, including personal information for those who had been interviewed.

The report recommended that OPM conduct an organization-wide cybersecurity risk assessment and the use the assessment to tailor responses to threats detected throughout the agency.