The Office of Enterprise Risk Management of the Federal Retirement Thrift Investment Board (FRTIB) is studying the loopholes in its cyber security and drawing inspiration from the private sector to ensure that no TSP data is ever leaked again. A data leak did happen in 2012, and the board does not want the incident to repeat itself.
TSP Board on the Right Track
Mr. Jay Ahuja, Chief Risk Officer of the FRTIB, said that the office has 3 more years left before it succeeds in including risk in strategic decision-making and in the board’s culture. He said that many typical risk management functions are in place but a lot still needs to be done. The statements were made as part of the board’s monthly meeting, held on March 29.
Learning from the Private Sector
The TSP board is now planning to seek help from the private sector to ensure that best practices for risk management procedures and cyber security are developed. The board wants to know everything about the measures private sector companies are taking, including how they harden their entry points and what mechanisms or controls they have in place.
The Hacking Attack
TSP data suffered a cyber attack in 2012. Data of about 123,000 people was compromised when hackers attacked one of the board’s contractors. The board has faced a lot of criticism from Congress and the Labor Department since then because it made very slow progress in getting its cyber security fixed and was not quick enough in responding to queries from outside auditors.
The Measures Taken
The board has made some improvements since then. It helped audit organizations with 14 internal audits in the last 5 months and it is planning to do 11 more in the next 11 months.
Training the Employees
The TSP Board’s Office of Enterprise Risk Management is also dedicated to finding the root cause of the problem. Hence, it has announced a new risk training program for the employees working as members of the board.
The TSP Board’s Office of Enterprise Risk Management will ensure that the training program teaches the employees about the existing audit activities and when (and why) an employee should respond to the Labor Department. The scope of the training can also increase in the future and include many other risk management activities, said Mr. Ahuja.