
Office of Cyber Security Evaluations
(Reports to the Office of Independent Oversight)



Mission and Functions

Mission

The Office of Cyber Security Evaluations is responsible for the independent evaluation of the effectiveness of classified and unclassified computer security policies and programs throughout the Department. It has established and maintains a continuous program for assessing Internet security, including offsite scanning and controlled penetration attempts to detect vulnerabilities that could be exploited by hackers or sophisticated attackers. The office analyzes cyber security trends and studies complex-wide issues in order to provide feedback on essential information assurance practices to DOE sites.

Functions

  • Assesses new vulnerabilities and the effectiveness of DOE policies governing classified and unclassified cyber security.

  • Conducts annual evaluations of classified information security programs for DOE as required by the Federal Information Security Management Act.

  • Conducts independent special studies of cyber security topics of interest to the DOE community.

  • Conducts routine announced inspections of classified and unclassified cyber security programs at DOE sites.

  • Conducts unannounced (Red Team) assessments of DOE information systems.

  • Develops recommendations and identifies opportunities for improving cyber security performance.

  • Evaluates effectiveness of cyber security tools.

  • Maintains a continuous program of announced and unannounced remote testing for DOE network vulnerabilities through scanning and penetration testing.

  • Performs complex-wide reviews of cyber security topical areas and institutes follow-up activities to ensure that identified issues are addressed in a timely and effective manner.

  • Performs ongoing analyses to identify trends and emerging issues in the cyber security arena.

  • Provides a "rapid response" capability to perform special reviews for the Secretary of Energy and senior DOE managers.

  • Provides input for the annual evaluation of DOE unclassified information security programs as required by the Federal Information Security Management Act.

  • Reviews other governmental and commercial cyber security programs to provide benchmarks for DOE performance.

This page was last updated on March 15, 2009
 
U.S. Department of Energy | 1000 Independence Ave., SW | Washington, DC 20585