Federal agencies’ sensitive data has been collected by third party vendors. The question is, do you know where your data is and are they secure? What if a Data Breach occurred to these vendors? Do you know the intangible price of data breach and its far-reaching implications?
1) Federal agencies need to understand how sensitive data is collected by contractors who are supporting your agency’s mission. Are the proper security controls in place to ensure data (at rest and in transit) is secure?
2) How should agency deal with the contractors if the contractors encountered a Data Breach?
3) How will the agency assess the damage of the Data Breach and hold the contractor accountable from financial and contractual obligations?
Deputy Director, Risk Management & Assurance,
Department of Homeland Security