With the advancement of technology, the space industry continues to advance. New observations reveal the mystery of the universe. When it comes to space exploration, the first thing that comes to many people’s minds is NASA. However, the cybersecurity environment continues to evolve even in space. NASA’s Office of Inspector General (OIG) released an audit report on the space agency’s data handling. Here are the details…
The Office of Inspector General audited NASA for cybersecurity!
NASA’s Office of Inspector General, OIG, stated that the space agency processes a lot of personally identifiable information. OIG also maintains close contact with the public and other outside agencies. Therefore, the company is highly susceptible to data breaches that could seriously harm those affected.
The company conducted interviews with NASA’s privacy and cybersecurity officials. Among other things, it reviewed privacy surveys to paint a picture of cybersecurity performance so far.
NASA’s Asteroid Hunting Telescope has reached the end of the road!
The sun brings the end of an era. NASA’s asteroid-hunting telescope NEOWISE is on its last legs. Here are the details…
The OIG stated that NASA’s approach to privacy is comprehensive. He also added that he liked many of the company’s policies. However, the report also highlighted some additional steps to protect individuals’ personal information.
However, the OIG criticized the space agency on some issues. NASA chooses not to take full advantage of the data loss prevention (DLP) feature built into the Microsoft 365 platform. Instead, it relied on users to report potential violations. The OIG stated that this should be corrected.
NASA hosts different projects at the same time. However, it has too many conflicting documents and policies. That’s why NASA became the focus of criticism. Additionally, OIG called for a common understanding of what constitutes a breach and when the Breach Response Team should be activated.
OIG gave NASA a total of 6 recommendations for improvements in cybersecurity. He gave recommendations on improving some processes. He also noted the need to establish DLP roles and responsibilities. However, he requested that it receive more guidance and update its policies to track and document incidents.