Information systems (31 - 40 of 40 items)
Information Security: Progress and Challenges to an Effective Defense-wide Information Assurance Program
GAO-01-307: Published: Mar 30, 2001. Publicly Released: Mar 30, 2001.
The components, military services, and agencies of the Department of Defense (DOD) share many risks in their use of globally networked computer systems to perform operational missions. Many reports of vulnerabilities, organized intrusions, and theft related to department systems and networks have underscored weaknesses in DOD systems. In January 1998, DOD responded to these risks by announcing its...
Critical Infrastructure Protection: Comments on the National Plan for Information Systems Protection
T-AIMD-00-72: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a congressional request, GAO discussed the National Plan for Information Systems Protection, focusing on: (1) a detailed overview of the plan; (2) opportunities for sharpening the plan's proposals for improving the federal government's security programs; and (3) the challenges facing the government in building the public-private partnerships necessary for comprehensive infrastructure p...
Information Security: SSA's Computer Intrusion Detection Capabilities
AIMD-00-16R: Published: Oct 27, 1999. Publicly Released: Oct 27, 1999.
GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse.GAO noted that: (1) while SSA has a basic system and network management policies and procedures that provide a foundation for more effective intrusion and misuse detection capabil...
Information Security: Answers to Posthearing Questions
AIMD-99-272R: Published: Aug 9, 1999. Publicly Released: Aug 9, 1999.
Pursuant to a congressional request, GAO responded to congressional questions regarding its June 24, 1999, testimony on the need for stronger information security management, focusing on: (1) the effectiveness of federal agencies' implementation of the 1987 Computer Security Act; (2) what gaps the Presidential Decision Directive (PDD) No. 63 will fill within existing federal programs that would im...
Information Security: Recent Attacks on Federal Web Sites Underscore Need for Stronger Information Security Management
T-AIMD-99-223: Published: Jun 24, 1999. Publicly Released: Jun 24, 1999.
Pursuant to a congressional request, GAO discussed the recent break-ins of federal web sites.GAO noted that: (1) the recent series of attacks on federal web sites have primarily focused on defacing, or vandalizing web site content or initiating denial of service attacks in order to crash servers; (2) fortunately, the consequences of recent attacks on federal web sites have been largely confined to...
Communications Privacy: Federal Policy and Actions
OSI-94-2: Published: Nov 4, 1993. Publicly Released: Nov 5, 1993.
Pursuant to a congressional request, GAO examined whether federal policies negatively affect U.S. corporations' ability to protect themselves against economic espionage, focusing on: (1) the need for information privacy in computer and communications systems to prevent economic espionage; (2) federal agency authority to develop cryptographic standards for protection of sensitive, unclassified info...
Computer Security: Hackers Penetrate DOD Computer Systems
T-IMTEC-92-5: Published: Nov 20, 1991. Publicly Released: Nov 20, 1991.
GAO discussed the intrusions of Dutch hackers into Department of Defense (DOD) unclassified, sensitive computer systems during Operation Desert Storm/Shield. GAO noted that: (1) computer hackers from the Netherlands penetrated 34 DOD sites attached to Internet, an unclassified network composed of smaller networks nationwide and overseas, between April 1990 and May 1991; (2) the hackers had access...
Computers and Privacy: How the Government Obtains, Verifies, Uses, and Protects Personal Data
IMTEC-90-70BR: Published: Aug 3, 1990. Publicly Released: Aug 31, 1990.
Pursuant to a congressional request, GAO presented information on: (1) how federal agencies obtain, verify, use, and protect personal data; (2) how individuals are made aware of information collected about them; (3) what telecommunications and network facilities agencies' systems use to transmit data; and (4) what effect new technologies have on the sharing of personal data.GAO found that: (1) age...
Computer Security: Unauthorized Access to a NASA Scientific Network
IMTEC-90-2: Published: Nov 13, 1989. Publicly Released: Dec 18, 1989.
Pursuant to a congressional request, GAO reviewed the National Aeronautics and Space Administration's (NASA) Space Physics Analysis Network (SPAN), focusing on: (1) SPAN characteristics; (2) instances of unauthorized use of the SPAN system; and (3) steps NASA took to minimize unauthorized SPAN use.GAO found that: (1) SPAN was a worldwide computer network that the scientific community used to condu...
Computer Security: Virus Highlights Need for Improved Internet Management
IMTEC-89-57: Published: Jun 12, 1989. Publicly Released: Jul 20, 1989.
Pursuant to a congressional request, GAO reviewed the November 1988 Internet computer virus incident.GAO found that: (1) the Internet virus infected up to 6,000 computers within hours after it appeared, clogging systems and disrupting most of the nation's major research centers; (2) university computer experts eradicated the virus at most sites within 2 days; (3) the virus caused lost computer pro...