Risk assessment (1 - 10 of 18 items)
Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress
GAO-16-79: Published: Nov 19, 2015. Publicly Released: Nov 19, 2015.
Sector-specific agencies (SSA) determined the significance of cyber risk to networks and industrial control systems for all 15 of the sectors in the scope of GAO's review. Specifically, they determined that cyber risk was significant for 11 of 15 sectors. Although the SSAs for the remaining four sectors had not determined cyber risks to be significant during their 2010 sector-specific planning pro...
Maritime Critical Infrastructure Protection: DHS Needs to Enhance Efforts to Address Port Cybersecurity
GAO-16-116T: Published: Oct 8, 2015. Publicly Released: Oct 8, 2015.
Similar to other critical infrastructures, the nation's ports face an evolving array of cyber-based threats. These can come from insiders, criminals, terrorists, or other hostile sources and may employ a variety of techniques or exploits, such as denial-of-service attacks and malicious software. By exploiting vulnerabilities in information and communications technologies supporting port operations...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing
GAO-10-855T: Published: Jul 1, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal...
Information Security: Concerted Response Needed to Resolve Persistent Weaknesses
GAO-10-536T: Published: Mar 24, 2010. Publicly Released: Mar 24, 2010.
Without proper safeguards, federal computer systems are vulnerable to intrusions by individuals who have malicious intentions and can obtain sensitive information. The need for a vigilant approach to information security has been demonstrated by the pervasive and sustained cyber attacks against the United States; these attacks continue to pose a potentially devastating impact to systems as well as...
Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk
GAO-09-661T: Published: May 5, 2009. Publicly Released: May 5, 2009.
Information security is a critical consideration for any organization that depends on information systems and computer networks to carry out its mission or business. It is especially important for government agencies, where maintaining the public's trust is essential. The need for a vigilant approach to information security has been demonstrated by the pervasive and sustained computerbased (cyber)...
Information Security: Actions Needed to Better Protect Los Alamos National Laboratory's Unclassified Computer Network
GAO-08-1001: Published: Sep 9, 2008. Publicly Released: Sep 26, 2008.
The Los Alamos National Laboratory (LANL), which is operated by the National Nuclear Security Administration (NNSA), has experienced security lapses protecting information on its unclassified computer network. The unclassified network contains sensitive information. GAO (1) assessed the effectiveness of the security controls LANL has in place to protect information transmitted over its unclassifie...
Nuclear Security: Los Alamos National Laboratory Faces Challenges In Sustaining Physical and Cyber Security Improvements
GAO-08-1180T: Published: Sep 25, 2008. Publicly Released: Sep 25, 2008.
Los Alamos National Laboratory (LANL) is one of three National Nuclear Security Administration (NNSA) laboratories that designs and develops nuclear weapons for the U.S. stockpile. LANL employees rely on sensitive and classified information and assets that are protected at different levels, depending on the risks posed if they were lost, stolen, or otherwise compromised. However, LANL has experien...
Critical Infrastructure Protection: DHS Needs to Better Address Its Cybersecurity Responsibilities
GAO-08-1157T: Published: Sep 16, 2008. Publicly Released: Sep 16, 2008.
Recent cyber attacks demonstrate the potentially devastating impact these pose to our nation's computer systems and to the federal operations and critical infrastructures that they support. They also highlight that we need to be vigilant against individuals and groups with malicious intent, such as criminals, terrorists, and nation-states perpetuating these attacks. Federal law and policy establis...
Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks
GAO-08-526: Published: May 21, 2008. Publicly Released: May 21, 2008.
Securing the control systems that regulate the nation's critical infrastructures is vital to ensuring our economic security and public health and safety. The Tennessee Valley Authority (TVA), a federal corporation and the nation's largest public power company, generates and distributes power in an area of about 80,000 square miles in the southeastern United States. GAO was asked to determine wheth...