Information resources management (81 - 90 of 120 items)
Information Security: Comments on Proposed Government Information Act of 1999
T-AIMD-00-107: Published: Mar 2, 2000. Publicly Released: Mar 2, 2000.
Pursuant to a congressional request, GAO discussed S. 1993, the Government Information Security Act of 1999 and its impact on strengthening the information security practices throughout the federal government, focusing on: (1) potential improvements in federal agency performance in addressing computer security issues; (2) the need for better-defined control standards; and (3) centralized leadershi...
Computer Security: Reported Appropriations and Obligations for Four Major Initiatives
AIMD-00-92R: Published: Feb 28, 2000. Publicly Released: Feb 28, 2000.
Pursuant to a congressional request, GAO provided information on fiscal years 1998 through 2000 appropriations and obligations for four major computer security initiatives, including: (1) the Federal Bureau of Investigation's National Infrastructure Protection Center (NIPC); (2) the Department of Defense's (DOD) Joint Task Force on Computer Network Defense (JTF-CND); (3) the General Services Admin...
Information Security: Fundamental Weaknesses Place EPA Data and Operations at Risk
T-AIMD-00-97: Published: Feb 17, 2000. Publicly Released: Feb 17, 2000.
Pursuant to a congressional request, GAO discussed its recent review of information security at the Environmental Protection Agency (EPA).GAO noted that: (1) GAO's review found serious and pervasive problems that essentially render EPA's agencywide information security program ineffective; (2) current security program planning and management is largely a paper exercise that has done little to subs...
Critical Infrastructure Protection: National Plan for Information Systems Protection
AIMD-00-90R: Published: Feb 11, 2000. Publicly Released: Feb 11, 2000.
Pursuant to a congressional request, GAO assessed national security legal authorities related to infrastructure protection, focusing on the administration's National Plan for Information Systems Protection.GAO noted that: (1) the National Plan for Information Systems Protection is an important and positive step toward building the cyber-defense necessary to protect critical information assets and...
Critical Infrastructure Protection: Comments on the National Plan for Information Systems Protection
T-AIMD-00-72: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a congressional request, GAO discussed the National Plan for Information Systems Protection, focusing on: (1) a detailed overview of the plan; (2) opportunities for sharpening the plan's proposals for improving the federal government's security programs; and (3) the challenges facing the government in building the public-private partnerships necessary for comprehensive infrastructure p...
VA Systems Security: Information System Controls at the North Texas Health Care System
AIMD-00-52R: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a legislative requirement, GAO reviewed the weaknesses of the North Texas Health Care System's (NTHCS) information system general controls and the status of corrective actions taken to mitigate these weaknesses.GAO noted that: (1) NTHCS made progress in correcting specific computer security weaknesses that GAO identified in its previous evaluation of information system general controls...
Information Security: Responses to Posthearing Questions
AIMD-00-46R: Published: Nov 30, 1999. Publicly Released: Nov 30, 1999.
Pursuant to a congressional request, GAO responded to questions concerning its October 1999 testimony on the information security weaknesses at 22 federal agencies, focusing on: (1) whether GAO has taken the necessary steps since its previous testimony to ensure that identified security lapses at three agencies were quickly and permanently closed; (2) how agencies are addressing and responding to...
Information Security: Weaknesses at 22 Agencies
AIMD-00-32R: Published: Nov 10, 1999. Publicly Released: Nov 10, 1999.
Pursuant to a congressional request, GAO reviewed computer security weaknesses within 22 federal agencies' operations.GAO noted that: (1) the Department of Agriculture's National Finance Center had serious access control weaknesses that affected its ability to prevent or detect unauthorized changes to payroll and other payment data or computer software; (2) the Department of Commerce Inspector Gen...
Information Security Risk Assessment: Practices of Leading Organizations
AIMD-00-33: Published: Nov 1, 1999. Publicly Released: Nov 1, 1999.
This document is a supplement to GAO's May 1998 executive guide on information security management. It is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessmen...
Information Security: SSA's Computer Intrusion Detection Capabilities
AIMD-00-16R: Published: Oct 27, 1999. Publicly Released: Oct 27, 1999.
GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse.GAO noted that: (1) while SSA has a basic system and network management policies and procedures that provide a foundation for more effective intrusion and misuse detection capabil...