OMB, DHS outline data security best practices

The Office of Management and Budget and the Homeland Security Department today explained 10 common mistakes agencies make when securing data and personal information and offered a host of best practices to correct each mistake.In a new paper, “Common Risks Impeding the Adequate Protection of Government Information,” OMB and DHS discuss common problems in areas such as training, contracting and records management.OMB and DHS developed this paper as a part of the President’s Identity Theft Task Force recommendations.“All of the best practices and important resources are interrelated, and they can help agencies address the risks associated with information security and privacy programs,” said Karen Evans, OMB’s administrator for information technology and e-government.In the paper, OMB and DHS recommend agencies take steps to protect data. These include tailoring training to employees with significant security and privacy responsibilities, incorporating the Federal Acquisition Regulation language into all contracts and agreements and developing a standard operating procedure that describes how to identify and report suspicious activities or incidents.The paper also provides resources from OMB, DHS and the National Institute of Standards and Technology for agencies to refer to when implementing the best practices.