Review of the Peace Corps' Information Security Program for FY 2022
Report Information
Recommendations
Disclaimer: Open/Closed recommendations are updated semiannually.We recommend that the Director develop a strategy and structure that integrates information security into the agency’s business operations. This should include an established responsibility for assessing information security risks in all agency programs and operations and providing this analysis to senior leadership, including the ERM Council, for decision-making.
that the Director develop a strategy and structure that integrates information security into the agency’s business operations. This should include an established responsibility for assessing information security risks in all agency programs and operations and providing this analysis to senior leadership, including the ERM Council, for decision-making.
We recommend that the Director appoint the chief information security officer to serve on the Enterprise Risk Management Council as a voting member.
OIG recommended that the Director appoint the chief information security officer to serve on the Enterprise Risk Management Council as a voting member
We recommend that the Director further define and implement the Enterprise Risk Management program to ensure information security risks are communicated and monitored at the system, business process, and entity levels.