The Small Business Administration’s information security program is “not effective” according to its inspector general.
In a security audit this week, auditors concluded that almost every major domain of the agency’s cybersecurity operations could be considered below the necessary standards to effectively protect data and defend against malicious hacking threats. The report looked at nine such aspects of the agency’s cybersecurity operations: risk management, supply chain risk management, configuration management, identity and access management, security training, data protection and privacy, continuous monitoring, incident response and contingency planning.
Additionally, an influx of new data and software…
