Cybersecurity Risk Management Identifies and Manages Enterprise Risk

The Enterprise Cybersecurity Risk Management portfolio is responsible for identifying, assessing, prioritizing, and managing cyber risk at the United States Postal Service®. This team prioritizes a cyber risk based on the impact it will have on Postal Service™ assets, as well as the likelihood the risk will become a problem. The risk team has a variety of information sources to perform their analysis, which includes:

n Assessment and authorization identified vulnerabilities.

n Vulnerabilities discovered through scanning.

n Risks and vulnerabilities found within USPS® suppliers through third-party risk management.

n Threats associated with nation-state actors and organized cybercrime.

n Exposure of vulnerabilities through threat detection and incident response.

n Ad hoc discovery of risks through stakeholder identification.

The team manages risk through a centralized tool. Within that tool, a risk is first identified and given a score. The score is on a scale that ranges from minor to catastrophic based on the potential impact to business operations. The team then notifies all potentially impacted parties and puts together a detailed response plan. With approval from leadership, the team implements their plan and remediates the risk. Once the plan has been executed, the evaluation phase begins to ensure the risk has been completely eliminated.

Together, all the steps in the cyber risk management process protect the Postal Service network in an ever-evolving cybersecurity environment.

You can help Cybersecurity Risk Management protect USPS using the following tips:

n Be cautious with unexpected emails and text messages. Cybercriminals are good at creating convincing messages that appear to come from trustworthy organizations, such as banks, schools, or even the World Health Organization.

n Browse the internet safely. Cybercriminals can create malicious websites that appear authentic and offer information related to COVID-19, but they’re intended to steal usernames, passwords, and other sensitive information.

For more information about Cybersecurity Risk Management, visit