Data integrity (31 - 40 of 54 items)
Information Security: Comments on Proposed Government Information Act of 1999
T-AIMD-00-107: Published: Mar 2, 2000. Publicly Released: Mar 2, 2000.
Pursuant to a congressional request, GAO discussed S. 1993, the Government Information Security Act of 1999 and its impact on strengthening the information security practices throughout the federal government, focusing on: (1) potential improvements in federal agency performance in addressing computer security issues; (2) the need for better-defined control standards; and (3) centralized leadershi...
Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk
T-AIMD-00-97: Published: Feb 17, 2000. Publicly Released: Feb 17, 2000.
Pursuant to a congressional request, GAO discussed its recent review of information security at the Environmental Protection Agency (EPA).GAO noted that: (1) GAO's review found serious and pervasive problems that essentially render EPA's agencywide information security program ineffective; (2) current security program planning and management is largely a paper exercise that has done little to subs...
Critical Infrastructure Protection: National Plan for Information Systems Protection
AIMD-00-90R: Published: Feb 11, 2000. Publicly Released: Feb 11, 2000.
Pursuant to a congressional request, GAO assessed national security legal authorities related to infrastructure protection, focusing on the administration's National Plan for Information Systems Protection.GAO noted that: (1) the National Plan for Information Systems Protection is an important and positive step toward building the cyber-defense necessary to protect critical information assets and...
Critical Infrastructure Protection: Comments on the National Plan for Information Systems Protection
T-AIMD-00-72: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a congressional request, GAO discussed the National Plan for Information Systems Protection, focusing on: (1) a detailed overview of the plan; (2) opportunities for sharpening the plan's proposals for improving the federal government's security programs; and (3) the challenges facing the government in building the public-private partnerships necessary for comprehensive infrastructure p...
VA Systems Security: Information System Controls at the North Texas Health Care System
AIMD-00-52R: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a legislative requirement, GAO reviewed the weaknesses of the North Texas Health Care System's (NTHCS) information system general controls and the status of corrective actions taken to mitigate these weaknesses.GAO noted that: (1) NTHCS made progress in correcting specific computer security weaknesses that GAO identified in its previous evaluation of information system general controls...
Computer Security: FAA Needs to Improve Controls Over Use of Foreign Nationals to Remediate and Review Software
AIMD-00-55: Published: Dec 23, 1999. Publicly Released: Jan 4, 2000.
Pursuant to a congressional request, GAO provided information on the Federal Aviation Administration's (FAA) security controls over information on the foreign nationals involved in remediating and reviewing software, focusing on: (1) the extent to which foreign nationals were involved in year 2000 code remediation and subsequent code review activities at FAA; and (2) FAA's policies covering this i...
Information Security Risk Assessment: Practices of Leading Organizations
AIMD-00-33: Published: Nov 1, 1999. Publicly Released: Nov 1, 1999.
This document is a supplement to GAO's May 1998 executive guide on information security management. It is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessmen...
Information Security: SSA's Computer Intrusion Detection Capabilities
AIMD-00-16R: Published: Oct 27, 1999. Publicly Released: Oct 27, 1999.
GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse.GAO noted that: (1) while SSA has a basic system and network management policies and procedures that provide a foundation for more effective intrusion and misuse detection capabil...
Critical Infrastructure Protection: Comprehensive Strategy Can Draw on Year 2000 Experiences
AIMD-00-1: Published: Oct 1, 1999. Publicly Released: Oct 5, 1999.
Pursuant to a congressional request, GAO provided information on efforts to protect the nation's critical infrastructures, focusing on: (1) GAO's recent findings on computer security and critical infrastructure protection; and (2) preliminary lessons learned from the year 2000 date conversion experience that can benefit critical infrastructure protection efforts.GAO noted that: (1) the nation's co...
Information Security: The Proposed Computer Security Enhancement Act of 1999
T-AIMD-99-302: Published: Sep 30, 1999. Publicly Released: Sep 30, 1999.
Pursuant to a congressional request, GAO discussed the proposed Computer Security Enhancement Act of 1999 (H.R. 2413), focusing on: (1) the urgent need to strengthen computer security across the federal government; (2) the current and future privacy concerns with any computer security legislation; (3) GAO's views on the proposed act; and (4) what can be done to further strengthen security program...