Internal controls (21 - 30 of 50 items)
Information Security: Weak Controls Place DC Highway Trust Fund and Other Data at Risk
GAO-01-155: Published: Jan 31, 2001. Publicly Released: Jan 31, 2001.
GAO reviewed information system general controls over the financial systems that process and account for the financial activities of the District of Columbia's Highway Trust Fund. GAO identified serious computer security weaknesses that place District information at risk of deliberate or inadvertent misuse. These general control problems affected the District's ability to (1) prevent or detect una...
VA Information Systems: Computer Security Weaknesses Persist at the Veterans Health Administration
AIMD-00-232: Published: Sep 8, 2000. Publicly Released: Sep 8, 2000.
Pursuant to a legislative requirement, GAO reviewed information system general controls over financial and sensitive veteran medical information maintained by the Veterans Health Administration (VHA), focusing on: (1) specific computer security weaknesses GAO identified at the New Mexico and North Texas health care systems in conjunction with the audit of the Department of Veterans Affairs (VA) fi...
Information Security: Comments on Proposed Government Information Act of 1999
T-AIMD-00-107: Published: Mar 2, 2000. Publicly Released: Mar 2, 2000.
Pursuant to a congressional request, GAO discussed S. 1993, the Government Information Security Act of 1999 and its impact on strengthening the information security practices throughout the federal government, focusing on: (1) potential improvements in federal agency performance in addressing computer security issues; (2) the need for better-defined control standards; and (3) centralized leadershi...
Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk
T-AIMD-00-97: Published: Feb 17, 2000. Publicly Released: Feb 17, 2000.
Pursuant to a congressional request, GAO discussed its recent review of information security at the Environmental Protection Agency (EPA).GAO noted that: (1) GAO's review found serious and pervasive problems that essentially render EPA's agencywide information security program ineffective; (2) current security program planning and management is largely a paper exercise that has done little to subs...
Information Security: Responses to Posthearing Questions
AIMD-00-46R: Published: Nov 30, 1999. Publicly Released: Nov 30, 1999.
Pursuant to a congressional request, GAO responded to questions concerning its October 1999 testimony on the information security weaknesses at 22 federal agencies, focusing on: (1) whether GAO has taken the necessary steps since its previous testimony to ensure that identified security lapses at three agencies were quickly and permanently closed; (2) how agencies are addressing and responding to...
Information Systems: The Status of Computer Security at the Department of Veterans Affairs
AIMD-00-5: Published: Oct 4, 1999. Publicly Released: Oct 4, 1999.
Pursuant to a legislative requirement, GAO reported on the status of computer security throughout the Department of Veterans Affairs (VA).GAO noted that: (1) in September 1998, GAO reported that VA's information system controls placed critical department operations, such as financial management, health care delivery, benefit payments, and other operations, at risk of misuse and disruption; (2) sin...
Information Security: The Proposed Computer Security Enhancement Act of 1999
T-AIMD-99-302: Published: Sep 30, 1999. Publicly Released: Sep 30, 1999.
Pursuant to a congressional request, GAO discussed the proposed Computer Security Enhancement Act of 1999 (H.R. 2413), focusing on: (1) the urgent need to strengthen computer security across the federal government; (2) the current and future privacy concerns with any computer security legislation; (3) GAO's views on the proposed act; and (4) what can be done to further strengthen security program...
DOD Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk
AIMD-99-107: Published: Aug 26, 1999. Publicly Released: Aug 26, 1999.
GAO updated its previous report on the security of the Department of Defense's (DOD) information systems, focusing on DOD's efforts to: (1) address specific weaknesses identified in GAO's 1996 reports; and (2) develop a comprehensive departmentwide information security program.GAO noted that: (1) serious weaknesses in DOD information security continue to provide both hackers and hundreds of thousa...
Information Security Risk Assessment: Practices of Leading Organizations (Exposure Draft)
AIMD-99-139: Published: Aug 1, 1999. Publicly Released: Aug 1, 1999.
GAO published a guide to aid federal managers in implementing an ongoing information security risk assessment process. GAO provided case studies of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices...
USDA Information Security: Weaknesses at National Finance Center Increase Risk of Fraud, Misuse, and Improper Disclosure
AIMD-99-227: Published: Jul 30, 1999. Publicly Released: Jul 30, 1999.
Pursuant to a legislative requirement, GAO provided information on the quality of the Department of Agriculture's (USDA) information security at its National Finance Center (NFC).GAO noted that: (1) serious access control weaknesses affected NFC's ability to prevent or detect unauthorized changes to payroll and other payment data or computer software, control electronic access to Thrift Savings Pr...