Phishing is the fraudulent practice of sending emails or other messages claiming to be from trustworthy companies. These messages encourage individuals to disclose personal information, such as passwords and credit card numbers. Many people don’t realize that cybercriminals can also deliver phishing attacks through text messages, which is known as smishing. These types of scams…
July 22, 2021 The Postal Service has updated Handbook AS-805, Information Security, which details the organization’s security policies for technology assets and information resources. The updates include several new topics, including: The Executive Cyber Risk Committee, which evaluates and monitors cyber risk management activities and their alignment with the overall corporate risk profile; Contractual security…
Objective Our objective was to assess the U.S. Postal Service’s social media and digital channel security posture. We also assessed whether policies are in place to protect the integrity of the Postal Service’s official social media and digital channel presence. The Postal Service uses social media to promote its brand, products, and services and to…
When plugging a smart mobile device (e.g., phone, tablet, or wearable technology) into a computer’s USB port, the two devices can exchange information or malware.1 At the United States Postal Service®, this could put sensitive information into the wrong hands and potentially affect our business and reputation. To prevent a security breach, follow these important…
The United States Postal Service maintains one of the world’s largest information technology networks, which links nearly 1.2 million devices and 66,000 mail processing technology systems. Established in 2014, the Corporate Information Security Office (CISO) safeguards this network — the network that binds the nation together — with enterprise-wide cybersecurity technologies and solutions. This October,…
Objective Our objective was to determine if controls for purchasing and maintaining information technology (IT) equipment, specifically printers, webcams, and [redacted] cameras, are effective in identifying, assessing, and mitigating vulnerabilities and related cybersecurity risks to the U.S. Postal Service’s IT infrastructure. The Postal Service purchases IT equipment, such as webcams and printers, through the eBuy…
When plugging a smart mobile device (e.g., phone, tablet, or wearable technology) into a computer’s USB port, the two devices can exchange information or malware. At the U.S. Postal Service®, this could put sensitive information into the wrong hands and potentially affect our business and reputation. To prevent a security breach, follow these important charging…
Objective Our objective was to assess whether Decision Analysis Reports (DAR) I and II cybersecurity investments’ stated performance metrics aligned with the Corporate Information Security Office (CISO) strategic and cost objectives. To establish a sound cybersecurity foundation, the Postal Service has made significant investments in information security. In 2015, the Postal Service approved [redacted] million…
