Confidential communication (11 - 20 of 83 items)
Cybersecurity: Continued Efforts Are Needed to Protect Information Systems from Evolving Threats
GAO-10-230T: Published: Nov 17, 2009. Publicly Released: Nov 17, 2009.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent months, federal officials have cited the continued efforts of foreign nations and criminals to target government and private sector networks; terrorist groups have expressed a desire to use cyber attacks to target the United States; and press ac...
Information Security: Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses
GAO-09-546: Published: Jul 17, 2009. Publicly Released: Jul 17, 2009.
For many years, GAO has reported that weaknesses in information security are a widespread problem that can have serious consequences--such as intrusions by malicious users, compromised networks, and the theft of intellectual property and personally identifiable information--and has identified information security as a governmentwide high-risk issue since 1997. Concerned by reports of significant v...
Cybersecurity: Continued Federal Efforts Are Needed to Protect Critical Systems and Information
GAO-09-835T: Published: Jun 25, 2009. Publicly Released: Jun 25, 2009.
Federal laws and policy have assigned important roles and responsibilities to the Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) for securing computer networks and systems. DHS is charged with coordinating the protection of computer-reliant critical infrastructure--much of which is owned by the private sector--and securing its own computer syste...
Information Security: Securities and Exchange Commission Needs to Consistently Implement Effective Controls
GAO-09-203: Published: Mar 16, 2009. Publicly Released: Mar 16, 2009.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Effective information security controls are essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misuse, disclosure, or destruction. As part of...
Information Security: Further Actions Needed to Address Risks to Bank Secrecy Act Data
GAO-09-195: Published: Jan 30, 2009. Publicly Released: Jan 30, 2009.
The Financial Crimes Enforcement Network (FinCEN), a bureau within the Department of the Treasury, relies extensively on its own computer systems, as well as those at the Internal Revenue Service (IRS) and the Treasury Communications System (TCS), to administer the Bank Secrecy Act (BSA) and fulfill its mission of safeguarding the U.S. financial system from financial crimes. Effective information...
Information Security: Actions Needed to Better Protect Los Alamos National Laboratory's Unclassified Computer Network
GAO-08-1001: Published: Sep 9, 2008. Publicly Released: Sep 26, 2008.
The Los Alamos National Laboratory (LANL), which is operated by the National Nuclear Security Administration (NNSA), has experienced security lapses protecting information on its unclassified computer network. The unclassified network contains sensitive information. GAO (1) assessed the effectiveness of the security controls LANL has in place to protect information transmitted over its unclassifie...
Nuclear Security: Los Alamos National Laboratory Faces Challenges In Sustaining Physical and Cyber Security Improvements
GAO-08-1180T: Published: Sep 25, 2008. Publicly Released: Sep 25, 2008.
Los Alamos National Laboratory (LANL) is one of three National Nuclear Security Administration (NNSA) laboratories that designs and develops nuclear weapons for the U.S. stockpile. LANL employees rely on sensitive and classified information and assets that are protected at different levels, depending on the risks posed if they were lost, stolen, or otherwise compromised. However, LANL has experien...
Critical Infrastructure Protection: DHS Needs to Better Address Its Cybersecurity Responsibilities
GAO-08-1157T: Published: Sep 16, 2008. Publicly Released: Sep 16, 2008.
Recent cyber attacks demonstrate the potentially devastating impact these pose to our nation's computer systems and to the federal operations and critical infrastructures that they support. They also highlight that we need to be vigilant against individuals and groups with malicious intent, such as criminals, terrorists, and nation-states perpetuating these attacks. Federal law and policy establis...
Information Security: Federal Agency Efforts to Encrypt Sensitive Information Are Under Way, but Work Remains
GAO-08-525: Published: Jun 27, 2008. Publicly Released: Jul 28, 2008.
Many federal operations are supported by automated systems that may contain sensitive information such as national security information that, if lost or stolen, could be disclosed for improper purposes. Compromises of sensitive information at numerous federal agencies have raised concerns about the extent to which such information is vulnerable. The use of technological controls such as encryption...
Managing Sensitive Information: Departments of Energy and Defense Policies and Oversight Could Be Improved
GAO-06-369: Published: Mar 7, 2006. Publicly Released: Mar 14, 2006.
In the interest of national security and personal privacy and for other reasons, federal agencies place dissemination restrictions on information that is unclassified yet still sensitive. The Department of Energy (DOE) and the Department of Defense (DOD) have both issued policy guidance on how and when to protect sensitive information. DOE marks documents with this information as Official Use Only...