All Topics » Information Security
Information Security (81 - 90 of 424 items)
Defense Department Cyber Efforts: More Detailed Guidance Needed to Ensure Military Services Develop Appropriate Cyberspace Capabilities
GAO-11-421: Published: May 20, 2011. Publicly Released: Jun 20, 2011.
The U.S. military depends heavily on computer networks, and potential adversaries see cyberwarfare as an opportunity to pose a significant threat at low cost---a few programmers could cripple an entire information system. The Department of Defense (DOD) created U.S. Cyber Command to counter cyber threats, and tasked the military services with providing support. GAO examined the extent to which DOD...
Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure and Federal Information Systems
GAO-11-463T: Published: Mar 16, 2011. Publicly Released: Mar 16, 2011.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of our nation's critical infrastructure and the federal government. In recent testimony, the Director of National Intelligence stated that there had been a dramatic increase in malicious cyber activity targeting U.S. computers and networks. In addition, recent reports of cyber atta...
Information Security: IRS Needs to Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-11-308: Published: Mar 15, 2011. Publicly Released: Mar 15, 2011.
The Internal Revenue Service (IRS) has a demanding responsibility in collecting taxes, processing tax returns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect financial and sensitive taxpayer information that resides on those systems. As part of its audit of IR...
Electricity Grid Modernization: Progress Being Made on Cybersecurity Guidelines, but Key Challenges Remain to be Addressed
GAO-11-117: Published: Jan 12, 2011. Publicly Released: Jan 12, 2011.
The electric industry is increasingly incorporating information technology (IT) systems into its operations as part of nationwide efforts--commonly referred to as smart grid--to improve reliability and efficiency. There is concern that if these efforts are not implemented securely, the electric grid could become more vulnerable to attacks and loss of services. To address this concern, the Energy I...
Information Security: National Nuclear Security Administration Needs to Improve Contingency Planning for Its Classified Supercomputing Operations
GAO-11-67: Published: Dec 9, 2010. Publicly Released: Dec 9, 2010.
In the absence of underground nuclear weapons testing, the National Nuclear Security Administration (NNSA) relies on its supercomputing operations at its three weapons laboratories to simulate the effects of changes to current weapons systems, calculate the confidence of future untested systems, and ensure military requirements are met. GAO was requested to assess the extent to which (1) NNSA has...
Information Security: Federal Agencies Have Taken Steps to Secure Wireless Networks, but Further Actions Can Mitigate Risk
GAO-11-43: Published: Nov 30, 2010. Publicly Released: Nov 30, 2010.
Over the past several years, federal agencies have rapidly adopted the use of wireless technologies for their information systems. In a 2005 report, GAO recommended that the Office of Management and Budget (OMB), in its role overseeing governmentwide information security, take several steps to help agencies better secure their wireless networks. GAO was asked to update its prior report by (1) iden...
Information Security: Federal Deposit Insurance Corporation Needs to Mitigate Control Weaknesses
GAO-11-29: Published: Nov 30, 2010. Publicly Released: Nov 30, 2010.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of its work, the corporation must employ strong information security controls to ensure that its information systems are adequately protected from inadvertent misuse, fraud, and improper disclosure. As part o...
Information Security: National Archives and Records Administration Needs to Implement Key Program Elements and Controls
GAO-11-20: Published: Oct 21, 2010. Publicly Released: Oct 27, 2010.
The National Archives and Records Administration (NARA) is responsible for preserving access to government documents and other records of historical significance and overseeing records management throughout the federal government. NARA relies on the use of information systems to receive, process, store, and track government records. As such, NARA is tasked with preserving and maintaining access to...
Cyberspace Policy: Executive Branch Is Making Progress Implementing 2009 Policy Review Recommendations, but Sustained Leadership Is Needed
GAO-11-24: Published: Oct 6, 2010. Publicly Released: Oct 6, 2010.
To address pervasive computer-based (cyber) attacks against the United States that posed potentially devastating impacts to systems and operations, the federal government has developed policies and strategies intended to combat these threats. A recent key development was in February 2009, when President Obama initiated a review of the government's overall strategy and supporting activities with th...
Information Security: Progress Made on Harmonizing Policies and Guidance for National Security and Non-National Security Systems
GAO-10-916: Published: Sep 15, 2010. Publicly Released: Sep 15, 2010.
Historically, civilian and national security-related information technology (IT) systems have been governed by different information security policies and guidance. Specifically, the Office of Management and Budget and the Department of Commerce's National Institute of Standards and Technology (NIST) established policies and guidance for civilian non-national security systems, while other organiza...