All Topics » Information Security
Information Security (61 - 70 of 425 items)
Driver's License Security: Federal Leadership Needed to Address Remaining Vulnerabilities
GAO-12-893: Published: Sep 21, 2012. Publicly Released: Sep 21, 2012.
To verify license applicants' identity, all 50 states and the District of Columbia have procedures that may detect counterfeit documents. For example, all states are now verifying key personal information, such as Social Security numbers (SSN) through online queries to a Social Security Administration (SSA) database, a significant increase from about a decade ago. This effort helps ensure that the...
Information Security: Better Implementation of Controls for Mobile Devices Should Be Encouraged
GAO-12-757: Published: Sep 18, 2012. Publicly Released: Sep 18, 2012.
Threats to the security of mobile devices and the information they store and process have been increasing significantly. For example, the number of variants of malicious software, known as malware, aimed at mobile devices has reportedly risen from about 14,000 to 40,000 or about 185 percent in less than a year (see figure). Cyber criminals may use a variety of attack methods, including interce...
Information Security: Environmental Protection Agency Needs to Resolve Weaknesses
GAO-12-696: Published: Jul 19, 2012. Publicly Released: Aug 20, 2012.
Although the Environmental Protection Agency (EPA) has taken steps to safeguard the information and systems that support its mission, security control weaknesses pervaded its systems and networks, thereby jeopardizing the agencys ability to sufficiently protect the confidentiality, integrity, and availability of its information and systems. The agency did not fully implement access controls,...
Cybersecurity: Challenges in Securing the Electricity Grid
GAO-12-926T: Published: Jul 17, 2012. Publicly Released: Jul 17, 2012.
The threats to systems supporting critical infrastructures are evolving and growing. In testimony, the Director of National Intelligence noted a dramatic increase in cyber activity targeting U.S. computers and systems, including a more than tripling of the volume of malicious software. Varying types of threats from numerous sources can adversely affect computers, software, networks, organizations,...
Information Security: Cyber Threats Facilitate Ability to Commit Economic Espionage
GAO-12-876T: Published: Jun 28, 2012. Publicly Released: Jun 28, 2012.
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These sources include criminal groups, hackers, terrorists, organization insiders, and foreign nations engaged in crime, political activism, or espionage and information warfare. These threat sources vary in terms of the capabilities of the actors, their willingness to act, and their motives, which can inc...
Cybersecurity: Threats Impacting the Nation
GAO-12-666T: Published: Apr 24, 2012. Publicly Released: Apr 24, 2012.
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal gr...
IT Supply Chain: Additional Efforts Needed by National Security-Related Agencies to Address Risks
GAO-12-579T: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a systems development life cycle and could create an unacceptable risk to federal agencies. Key supply chain-related threats includeinstallation of intentionally harmful hardware o...
IT Supply Chain: National Security-Related Agencies Need to Better Address Risks
GAO-12-361: Published: Mar 23, 2012. Publicly Released: Mar 23, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems. These risks include threats posed by actorssuch as foreign intelligence services or counterfeiterswho may exploit vulnerabilities in the supply chain and thus compromise the confidentiality, integrity, or availability of an end system and the information it contains. This in turn can adversely a...
Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-12-393: Published: Mar 16, 2012. Publicly Released: Mar 16, 2012.
IRS implemented numerous controls and procedures intended to protect key financial and tax-processing systems; nevertheless, control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRSs systems. Specifically, the agency continues to face challenges in controlling access to its...
Cybersecurity: Challenges in Securing the Modernized Electricity Grid
GAO-12-507T: Published: Feb 28, 2012. Publicly Released: Feb 28, 2012.
The threats to systems supporting critical infrastructures are evolving and growing. In a February 2011 testimony, the Director of National Intelligence noted that there had been a dramatic increase in cyber activity targeting U.S. computers and systems in the previous year, including a more than tripling of the volume of malicious software since 2009. Varying types of threats from numerous source...