03326oam 2200469 450 991071307850332120200317133524.0(CKB)5470000002499415(OCoLC)1098213632(EXLCZ)99547000000249941520190424d2019 ua 0engurnn|||||||||txtrdacontentcrdamediacrrdacarrierAudit of the Federal Bureau of Investigation's cyber victim notification process /U.S. Department of Justice, Office of the Inspector General, Audit DivisionWashington, DC :Office of the Inspector General, U.S. Department of Justice,2019.1 online resource (ii, 48 pages) illustrations"Audit Division 19-23.""March 2019."" ... we examined the FBI's adherence to Executive Order 13636, Improving Critical Infrastructure Cybersecurity, and the FBI Cyber Division Policy Guide 0853pg as well as other related policies." -- Executive summary."The FBI established Cyber Guardian for tracking the production, dissemination, and disposition of cyber-victim notifications which can help victims mitigate the damage caused by cyber intrusions and increase the potential for intelligence collection by the FBI. However, we found that the data in Cyber Guardian was incomplete and unreliable, making the FBI unable to determine whether all victims are being notified. The quality of formal requests for investigative actions, called leads, set for victim notification was inconsistent. In addition, not all agents indexed victims within Sentinel, as required. Together, the inconsistent leads and indexing contributed to some notifications not being tracked property or taking place too long after the attack for the victim to effectively mitigate the threat to its system. Further, the Department of Homeland Security (DHS) -- a partner in using Cyber Guardian --was not entering information into the system as required, contributing to the incompleteness of data in Cyber Guardian. We also found that victims identified in national security cyber cases were not informed of their rights as required by the Attorney General Guidelines for Victim and Witness Assistance (AG Guidelines). The FBI plans to replace Cyber Guardian in fiscal year (FY) 2019 with CyNERGY, a new system which may solve some, but not all data quality issues." -- Executive summary.Report includes FBI's response to draft audit report.Redacted for public releaseManagement auditCyberterrorismUnited StatesPreventionEvaluationComputer networksSecurity measuresUnited StatesNational securityUnited StatesManagement audit.CyberterrorismPreventionEvaluation.Computer networksSecurity measuresNational securityUnited States.Department of Justice.Office of the Inspector General,ZCYZCYOCLCFGPOBOOK9910713078503321Audit of the Federal Bureau of Investigation's cyber victim notification process3353555UNINA