The New York Times reports the Office of Personnel Management did not possess an inventory of all the computer servers and devices with access to its networks, and did not require anyone gaining access to information from the outside to use the kind of basic authentication techniques that most Americans use for online banking.
How can this happen? Now I’m sure the Equipment Control Matrix (ECM) needs to be updated to be the Asset Control Matrix (ACM) – ASTM E2608. And even more sure that ISO 55000 can have a pronounced positive impact on the security of sensitive data and information.
You can read the whole New York Times story here: