Confidential communication (1 - 10 of 23 items)
Information Security: DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System
GAO-16-294: Published: Jan 28, 2016. Publicly Released: Jan 28, 2016.
The Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS) is partially, but not fully, meeting its stated system objectives:Intrusion detection: NCPS provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies. Specifically, NCPS compares network traffic to known patterns of malicious data...
Information Security: Federal Agencies Need to Better Protect Sensitive Data
GAO-16-194T: Published: Nov 17, 2015. Publicly Released: Nov 17, 2015.
Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from software coding errors or the actions of careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, terrorists, disgruntled employees or other organizational insiders, among others. These concerns are further...
Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure
GAO-11-865T: Published: Jul 26, 2011. Publicly Released: Jul 26, 2011.
Increasing computer interconnectivity, such as the growth of the Internet, has revolutionized the way our government, our nation, and much of the world communicate and conduct business. However, this widespread interconnectivity poses significant risks to the government's and the nation's computer systems, and to the critical infrastructures they support. These critical infrastructures include sys...
Cybersecurity: Continued Attention Is Needed to Protect Federal Information Systems from Evolving Threats
GAO-10-834T: Published: Jun 16, 2010. Publicly Released: Jun 16, 2010.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent testimony, the Director of National Intelligence highlighted that many nation states, terrorist networks, and organized criminal groups have the capability to target elements of the United States information infrastructure for intelligence colle...
Cybersecurity: Continued Efforts Are Needed to Protect Information Systems from Evolving Threats
GAO-10-230T: Published: Nov 17, 2009. Publicly Released: Nov 17, 2009.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent months, federal officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the United States; and press ac...
Information Security: Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses
GAO-09-546: Published: Jul 17, 2009. Publicly Released: Jul 17, 2009.
For many years, GAO has reported that weaknesses in information security are a widespread problem that can have serious consequences--such as intrusions by malicious users, compromised networks, and the theft of intellectual property and personally identifiable information--and has identified information security as a governmentwide high-risk issue since 1997. Concerned by reports of significant v...
Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information
GAO-09-835T: Published: Jun 25, 2009. Publicly Released: Jun 25, 2009.
Federal laws and policy have assigned important roles and responsibilities to the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure--much of which is owned by the private sector--and securing its own computer syste...
Information Security: Securities and Exchange Commission Needs to Consistently Implement Effective Controls
GAO-09-203: Published: Mar 16, 2009. Publicly Released: Mar 16, 2009.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Effective information security controls are essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misuse, disclosure, or destruction. As part of...
Information Security: Further Actions Needed to Address Risks to Bank Secrecy Act Data
GAO-09-195: Published: Jan 30, 2009. Publicly Released: Jan 30, 2009.
The Financial Crimes Enforcement Network (FinCEN), a bureau within the Department of the Treasury, relies extensively on its own computer systems, as well as those at the Internal Revenue Service (IRS) and the Treasury Communications System (TCS), to administer the Bank Secrecy Act (BSA) and fulfill its mission of safeguarding the U.S. financial system from financial crimes. Effective information...
Information Security: Actions Needed to Better Protect Los Alamos National Laboratory's Unclassified Computer Network
GAO-08-1001: Published: Sep 9, 2008. Publicly Released: Sep 26, 2008.
The Los Alamos National Laboratory (LANL), which is operated by the National Nuclear Security Administration (NNSA), has experienced security lapses protecting information on its unclassified computer network. The unclassified network contains sensitive information. GAO (1) assessed the effectiveness of the security controls LANL has in place to protect information transmitted over its unclassifie...