The Department of Energy operates numerous interconnected computer networks and systems to help accon~plishit s strategic missions in the areas of energy, defense, science, and the environment. These systems are frequently subjected to sophisticated cyber attacks that could potentially affect the Department's ability to carry out its mission. During Fiscal Year 2006, the Department experienced 132 incidents of sufficient severity to require reporting to law enforcement, an increase of 22 percent over the prior year. These statistics, troubling as they may be, are not unique to the Department; they are, in fact, reflective of a trend in cyber attacks throughout the government. The Federal Information Security Management Act of 2002 requires each agency to implement procedures for detecting, reporting and responding to cyber security incidents, including notifying and consulting with the Department of Homeland Security's Federal Computer Incident Response Center, law enforcement agencies, and Inspectors General. To meet this requirement and counter the threat posed by cyber attacks, the Department has established incident reporting mechanisms and various cyber security incident response and analysis capabilities to prevent, detect, respond, and recover from cyber security incidents. Given the prevalence of cyber security attacks on Federal information systems, we initiated an audit to determine if the Department had developed an integrated and effective cyber security incident management program.