Information Technology Sector Baseline Risk Assessment

Overview
In August 2009, the Department of Homeland Security, in collaboration with private and government coordinating councils established to protect information technology critical infrastructure (i.e., the Information Technology Sector Coordinating Council and the Information Technology Government Coordinating Council), issued the Information Technology Sector Baseline Risk Assessment.16

The assessment identified risks to the information technology sector, provided risk management to enhance the security and resiliency of critical Information Technology Sector functions, including recovery planning and prioritization of research and development. While a positive step, this assessment falls short of meeting the recommendation because it is narrowly focused on the Information Technology Sector, and only addressed some but not all of the threat scenarios faced by the Information Technology Sector. In addition, DHS officials were not able to provide us milestones and plans for when and how this recommendation would be fully implemented.