Department Critical Infrastructure Protection Implementing Plans to Protect Cyber-Based Infrastructure
Report No. 04-05
November 2003
Office of the Inspector General
We have audited the Department's implementation of plans to protect its cyber-based infrastructure. We reviewed the Department's efforts to mitigate risks identified from vulnerability assessment; manage emergencies; coordinate with other agencies; meet its resource and organizational requirements; and assess recruitment, education, and awareness efforts. In connection with the audit, and as required by Government Auditing Standards, we reviewed program activities and records to obtain reasonable assurance about the Department's compliance with laws and regulations that, if not complied with, we believe could have a material effect on program operations. Compliance with laws and regulations applicable to the Department's critical infrastructure planning is the responsibility of the Justice Management Division. Our audit included examining, on a test basis, evidence about laws and regulations. Specifically, we conducted our tests against the relevant portions of:
Except for those issues cited in the Findings and Recommendations section of the report, our tests indicated that, for those items reviewed, the Department was in compliance with the laws and regulations referred to above. With respect to those transactions not tested, nothing came to our attention that caused us to believe that Department management was not in compliance with the laws and regulations cited above. |