Audit Reports

Information Security: Opportunities to Reduce Risk of Unauthorized Access to the Smithsonian Institution's Publicly Accessible Websites

Report Number: OIG-A-17-05

The objective of this audit was to assess to what extent the Smithsonian had processes in place to prevent, detect, and resolve security vulnerabilities on the Smithsonian’s publicly accessible websites. The audit focused on obtaining an inventory of publicly accessible websites; conducting vulnerability testing, which included an in-depth test of websites to simulate a focused attack by a skilled adversary; and reviewing the Smithsonian’s policies, procedures, and processes to manage website security.