rowid,report_id,rec_number,significant,text,questioned_costs,funds_for_better_use
18,2024-audit-boards-information-security-program,1,Yes,"Develop a supply chain risk management strategy that includes (a) a supply chain risk appetite and tolerance, (b) an enterprise supply chain risk management governance structure, and (c) supply chain risk assessment processes that include migration strategies or controls.",0,0
19,2024-audit-boards-information-security-program,2,No,Document and implement a baseline review and escalation process for data loss prevention alerts.,0,0
20,2024-audit-boards-information-security-program,3,No,Reinforce the requirements for identifying and documenting system interconnections as part of the Board’s training on its cyber risk management application and require all relevant individuals to take the training.,0,0
21,2024-audit-boards-information-security-program,4,No,Evaluate and implement options to enforce the agency’s existing guidance related to identifying and documenting system interconnections.,0,0
22,2024-audit-boards-information-security-program,5,No,Develop and implement a mobile application scanning program that includes a vulnerability scanning solution and process to identify and remediate vulnerabilities.,0,0
23,2024-audit-boards-information-security-program,6,No,"Ensure that the Board’s Incident Notification and Breach Response Plan is reviewed, tested and approved annually.",0,0
24,2024-audit-boards-information-security-program,8,No,Incorporate targeted phishing exercises into the Board’s security awareness and training program and processes.,0,0