Topics on this page: Goal 5. Objective 4 | Objective 5.4 Table of Related Performance Measures
Goal 5. Objective 4: Protect the safety and integrity of our human, physical, and digital assets
Yet providing security for HHS involves more than preventing breaches or cybersecurity attacks. The Department’s OpDivs and StaffDivs participate in efforts to preserve physical security; personnel security and suitability; security awareness; information security, including the safeguarding of sensitive and classified material; and security and threat assessments. In addition, the Department has established a network of scientific, public health, and security professionals internally, as well as points of contact in other agencies, in the intelligence community, and in the Information Sharing Environment Council. The Department has specialized staff to provide policy direction to facilitate the identification of potential vulnerabilities or threats to security, conduct analyses of potential or identified risks to security and safety, and work with agencies to develop methods to address them.
The Office of the Secretary leads this objective. All divisions contribute to the achievement of this objective.
Objective 5.4 Table of Related Performance Measures
Decrease the Percentage of Susceptibility among personnel to phishing (Lead Agency - ASA; Measure ID - 3.5)
| FY 2013 | FY 2014 | FY 2015 | FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | Baseline | 6.8% | 6.5% |
| Result | N/A | N/A | N/A | N/A | N/A | 7% | 9/30/19 | 9/30/20 |
| Status | N/A | N/A | N/A | N/A | N/A | Historic Actual | Pending | Pending |
Through the combination or training, education, and tools (e.g., email add-in), the purpose of the measure is to reduce the likelihood of staff falling for fake email attempts over time. HHS will establish a baseline from data collected through Office of the Chief Information Officer’s enterprise Phishme solution and set a target with a goal of negative responses decreasing over time.
Maintain the number of days since last major incident of personally identifiable information (PII) breach (Lead Agency - ASA; Measure ID - 3.6)
| FY 2013 | FY 2014 | FY 2015 | FY 2016 | FY 2017 | FY 2018 | FY 2019 | FY 2020 | |
|---|---|---|---|---|---|---|---|---|
| Target | N/A | N/A | N/A | N/A | N/A | Baseline | 365 | 365 |
| Result | N/A | N/A | N/A | N/A | N/A | 365 | 9/30/19 | 9/20/20 |
| Status | N/A | N/A | N/A | N/A | N/A | Historic Actual | Pending | Pending |
This measure serves as an enterprise-wide countdown measure since the last day of a major PII incident in the Department as well as a gauge for the number of major PII incidents. The number of days will continue to increase unless there is a major incident, at which point the count resets.
