Days before the federal government reported historic cybersecurity breaches across multiple agencies, the Inspector General warned of deficiencies in government cybersecurity and information management programs in its Statement on the Department of State’s Major Management and Performance Challenges for 2020. Some information governance gaps highlighted in the report include:
- Failure to record and retain critical information in system controls and monitoring and user access controls.
- Lack of records management program for records creation, maintenance and disposition.
- Failure to include information management division in the IT procurement process.
The take-away from these gaps can also apply to private organizations. A proactive information governance program means comprehensive knowledge and management of an organization’s data. Knowing what data you have and what the data flows are in your organization lays the groundwork for securing and defending your information.
From the Report: "For example, [the Bureau of Counterterrorism] did not establish a records management program to institute controls over records creation, maintenance, and disposition."