Electronic information is essential to achieving government organizational objectives. Its reliability, integrity and availability are significant concerns in most audits. The use of computer networks, particularly the Internet, is revolutionizing the way government conducts business. While the benefits have been enormous and vast amounts of information are now literally at our fingertips, these interconnections also pose significant risks to computer systems, information, and the critical operations and infrastructure they support. Infrastructure elements such as telecommunications, energy distribution, national defense, law enforcement, government and emergency services are subject to these risks. The same factors that benefit operations, i.e. speed and accessibility, if not adequately controlled, can make them vulnerable to fraud, sabotage and harmful or harmful acts. Furthermore, natural disasters and inadvertent errors by authorized computer users can have devastating consequences if information assets are poorly protected. Recent publicized outages caused by viruses, worms, and denial of service attacks on commercial and government websites illustrate the potential for harm. Cybersecurity is of increasing importance to all levels of government in minimizing the risk of malicious attacks by individuals and groups. These risks include fraudulent loss or misuse of government resources, unauthorized access to the release of sensitive information such as medical and tax records, interruption of critical operations due to virus or hacker attacks, and modification or destruction of the data. The risk of cyberattacks threatening vital national interests increases with the following developments in information technology: • Money is increasingly transferred electronically between and among government agencies, commercial enterprises, and individuals. • Governments are rapidly expanding the use of electronic commerce. • National defense and intelligence communities increasingly rely on commercially available information technology. • Utilities and telecommunications increasingly rely on information systems to manage daily operations. • More and more sensitive economic and business information is exchanged electronically. • Computer systems are rapidly increasing in complexity and interconnectivity. use hacker tools are easily available and hacker activity is on the rise. • Supporting paper documents are reduced or eliminated. Each of these factors significantly increases the need to ensure the privacy, security and availability of state and local government systems. Although as many As probably 80% of security breaches are never reported, the number of reported incidents is growing dramatically. For example, the number of incidents handled by Carnegie-Mellon University's CERT1 Coordination Center has multiplied more than 86 times since 1990,2 from 252 in 1990 to 21,756 in 2000. Additionally, the Center handled over 34,000 incidents during the first three quarters of 2001. Likewise, the Federal Bureau of Investigation (FBI) reports that its caseload is