Information security management (21 - 30 of 50 items)
Bureau of the Public Debt: Areas for Improvement in Information Security Controls
GAO-08-625R: Published: May 27, 2008. Publicly Released: May 27, 2008.
In connection with fulfilling our requirement to audit the financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2007 and 2006. As part of these audits, we performed a review of the general and application information security controls over key BPD financial syste...
Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks
GAO-08-526: Published: May 21, 2008. Publicly Released: May 21, 2008.
Securing the control systems that regulate the nation's critical infrastructures is vital to ensuring our economic security and public health and safety. The Tennessee Valley Authority (TVA), a federal corporation and the nation's largest public power company, generates and distributes power in an area of about 80,000 square miles in the southeastern United States. GAO was asked to determine wheth...
Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks
GAO-08-775T: Published: May 21, 2008. Publicly Released: May 21, 2008.
The control systems that regulate the nation's critical infrastructures face risks of cyber threats, system vulnerabilities, and potential attacks. Securing these systems is therefore vital to ensuring national security, economic well-being, and public health and safety. While most critical infrastructures are privately owned, the Tennessee Valley Authority (TVA), a federal corporation and the nat...
Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies
GAO-08-496T: Published: Feb 14, 2008. Publicly Released: Feb 14, 2008.
Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of its biennial reports to the Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed t...
Information Security: IRS Needs to Address Pervasive Weaknesses
GAO-08-211: Published: Jan 8, 2008. Publicly Released: Jan 8, 2008.
The Internal Revenue Service (IRS) relies extensively on computerized systems to carry out its demanding responsibilities to collect taxes (about $2.7 trillion in fiscal year 2007), process tax returns, and enforce the nation's tax laws. Effective information security controls are essential to ensuring that financial and taxpayer information is adequately protected from inadvertent or deliberate m...
Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs
GAO-07-1019: Published: Sep 7, 2007. Publicly Released: Sep 19, 2007.
In May 2006, the Department of Veterans Affairs (VA) announced that computer equipment containing personal information on approximately 26.5 million veterans and active duty military personnel had been stolen. Given the importance of information technology (IT) to VA's mission, effective information security controls are critical to maintaining public and veteran confidence in its ability to prote...
Information Security: Persistent Weaknesses Highlight Need for Further Improvement
GAO-07-751T: Published: Apr 19, 2007. Publicly Released: Apr 19, 2007.
For many years, GAO has reported that weaknesses in information security are a widespread problem with potentially devastating consequences--such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue. Concerned by reports of signific...
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Veterans Affairs Needs to Address Long-Standing Weaknesses
GAO-07-532T: Published: Feb 28, 2007. Publicly Released: Feb 28, 2007.
Security breaches at the Department of Veterans Affairs (VA) and other public and private organizations have highlighted the importance of well-designed and implemented information security programs. GAO was asked to testify on its past work on VA's information security program, as well as ongoing reviews that it is conducting at VA. In developing its testimony, GAO drew on over 15 of its previous...
Information Security: Federal Reserve Needs to Address Treasury Auction Systems
GAO-06-659: Published: Aug 30, 2006. Publicly Released: Aug 30, 2006.
The Federal Reserve System's Federal Reserve Banks (FRB) serve as fiscal agents of the U.S. government when they are directed to do so by the Secretary of the Treasury. In this capacity, the FRBs operate and maintain several mainframe and distributed-based systems--including the systems that support the Department of the Treasury's auctions of marketable securities--on behalf of the department's B...