Cyber security (41 - 50 of 53 items)
Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements
GAO-04-483T: Published: Mar 16, 2004. Publicly Released: Mar 16, 2004.
For many years, GAO has reported on the widespread negative impact of poor information security within federal agencies and has identified it as a governmentwide high-risk issue since 1997. Legislation designed to improve information security was enacted in October 2000. It was strengthened in December 2002 by new legislation, the Federal Information Security Management Act of 2002 (FISMA), which...
Information Security: Technologies to Secure Federal Systems
GAO-04-467: Published: Mar 9, 2004. Publicly Released: Mar 16, 2004.
Federal agencies rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and date is essential to preventing data tampering, disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Congress and the executive branch have taken actions to address this challenge, such as enacting and...
Critical Infrastructure Protection: Challenges in Securing Control Systems
GAO-04-140T: Published: Oct 1, 2003. Publicly Released: Oct 1, 2003.
Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines; in the electric power industry, they can monitor and control the current and voltage of electricity through relays and circuit breakers; and in water treatment facilities, th...
Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities
GAO-03-1138T: Published: Sep 10, 2003. Publicly Released: Sep 10, 2003.
Attacks on computer systems--in government and the private sector--are increasing at an alarming rate, placing both federal and private-sector operations and assets at considerable risk. By exploiting software vulnerabilities, hackers can cause significant damage. While patches, or software fixes, for these vulnerabilities are often well publicized and available, they are frequently not quickly or...
FAA Computer Security: Recommendations to Address Continuing Weaknesses
GAO-01-171: Published: Dec 6, 2000. Publicly Released: Dec 6, 2000.
The Federal Aviation Administration's (FAA) agencywide computer security programs have serious, pervasive problems in the following key areas: personnel security, facility physical security, operational systems security, information systems security management, service continuity, and intrusion detection. Until FAA addresses the pervasive weaknesses in its computer security program, its critical i...
FAA Computer Security: Actions Needed to Address Critical Weaknesses That Jeopardize Aviation Operations
T-AIMD-00-330: Published: Sep 27, 2000. Publicly Released: Sep 27, 2000.
Pursuant to a congressional request, GAO discussed the Federal Aviation Administration's (FAA) computer security weaknesses, focusing on: (1) FAA's history of computer security weaknesses; (2) the adequacy of FAA's efforts to prevent unauthorized access to data--specifically focusing on personnel security, facilities' physical security, systems security, security program planning and management, a...
Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan
AIMD-00-217: Published: Aug 10, 2000. Publicly Released: Sep 11, 2000.
Pursuant to a congressional request, GAO provided information on the steps the Department of Agriculture (USDA) is taking to help ensure departmentwide information systems security.GAO noted that: (1) USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen departmentwide information security and hiring a...
Information Security: Vulnerabilities in DOE's Systems for Unclassified Civilian Research
AIMD-00-140: Published: Jun 9, 2000. Publicly Released: Jun 30, 2000.
Pursuant to a congressional request, GAO reviewed the security of the Department of Energy's (DOE) unclassified information systems that support its civilian research programs, focusing on: (1) whether DOE's unclassified systems for civilian research are vulnerable to unauthorized access; (2) whether DOE is effectively managing information systems security; and (3) what DOE is doing to address the...
Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000
T-AIMD-00-229: Published: Jun 22, 2000. Publicly Released: Jun 22, 2000.
Pursuant to a congressional request, GAO discussed the proposed Cyber Security Information Act of 2000 (H.R. 4246), focusing on how it can enhance critical infrastructure protection and the formidable challenges involved with achieving the goals of the bill.GAO noted that: (1) by removing key barriers that are precluding private industry from sharing information about infrastructure threats and vu...
Computer Security: FAA Is Addressing Personnel Weaknesses, But Further Action Is Required
AIMD-00-169: Published: May 31, 2000. Publicly Released: Jun 13, 2000.
Pursuant to a congressional request, GAO reviewed the Federal Aviation Administration's (FAA) efforts to address personnel security issues, focusing on: (1) the factors that contributed to FAA's failure to adhere to the requirements of its personnel security program, which requires background searches--investigations or checks--of contractor employees commensurate with the risk level of the tasks...