Computer security policies (11 - 20 of 21 items)
Information Security: 'ILOVEYOU' Computer Virus Emphasizes Critical Need for Agency and Governmentwide Improvements
T-AIMD-00-171: Published: May 10, 2000. Publicly Released: May 10, 2000.
Pursuant to a congressional request, GAO discussed the "ILOVEYOU" computer virus, focusing on the need for agency and governmentwide improvements in information security.GAO noted that: (1) ILOVEYOU is both a virus and a worm; (2) the damage resulting from this particular hybrid is limited to users of the Microsoft Windows operating system; (3) ILOVEYOU typically comes in the form of an electronic...
VA Systems Security: Information System Controls at the VA Maryland Health Care System
AIMD-00-117R: Published: Apr 19, 2000. Publicly Released: Apr 19, 2000.
Pursuant to a legislative requirement, GAO assessed the effectiveness of information system general controls at the Department of Veterans Affairs' Maryland Health Care System (VAMHCS).GAO noted that: (1) there are significant weaknesses that pose a risk of inadvertent or deliberate misuse, fraudulent use, improper disclosure, and destruction of financial and sensitive veteran medical information;...
VA Systems Security: Information System Controls at the North Texas Health Care System
AIMD-00-52R: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a legislative requirement, GAO reviewed the weaknesses of the North Texas Health Care System's (NTHCS) information system general controls and the status of corrective actions taken to mitigate these weaknesses.GAO noted that: (1) NTHCS made progress in correcting specific computer security weaknesses that GAO identified in its previous evaluation of information system general controls...
Information Security: Weaknesses at 22 Agencies
AIMD-00-32R: Published: Nov 10, 1999. Publicly Released: Nov 10, 1999.
Pursuant to a congressional request, GAO reviewed computer security weaknesses within 22 federal agencies' operations.GAO noted that: (1) the Department of Agriculture's National Finance Center had serious access control weaknesses that affected its ability to prevent or detect unauthorized changes to payroll and other payment data or computer software; (2) the Department of Commerce Inspector Gen...
Information Security: SSA's Computer Intrusion Detection Capabilities
AIMD-00-16R: Published: Oct 27, 1999. Publicly Released: Oct 27, 1999.
GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse.GAO noted that: (1) while SSA has a basic system and network management policies and procedures that provide a foundation for more effective intrusion and misuse detection capabil...
USDA Information Security: Weaknesses at National Finance Center Increase Risk of Fraud, Misuse, and Improper Disclosure
AIMD-99-227: Published: Jul 30, 1999. Publicly Released: Jul 30, 1999.
Pursuant to a legislative requirement, GAO provided information on the quality of the Department of Agriculture's (USDA) information security at its National Finance Center (NFC).GAO noted that: (1) serious access control weaknesses affected NFC's ability to prevent or detect unauthorized changes to payroll and other payment data or computer software, control electronic access to Thrift Savings Pr...
Information Security: Many NASA Missions-Critical Systems Face Serious Risks
AIMD-99-47: Published: May 20, 1999. Publicly Released: May 20, 1999.
Pursuant to a congressional request, GAO provided information on the National Aeronautics and Space Administration's (NASA) information security program, focusing on: (1) whether NASA's mission-critical information systems are vulnerable to unauthorized access; (2) whether NASA is effectively managing information systems security; and (3) what NASA is doing to address the risk of unauthorized acce...
Air Traffic Control: Weak Computer Security Practices Jeopardize Flight Safety
AIMD-98-155: Published: May 18, 1998. Publicly Released: May 19, 1998.
Pursuant to a congressional request, GAO reviewed the Federal Aviation Administration's (FAA) computer security practices, focusing on: (1) whether FAA is effectively managing physical security at air traffic control (ATC) facilities and systems security for its current operational systems; (2) whether FAA is effectively managing systems security for future ATC modernization systems; and (3) the e...
Information Security: Serious Weaknesses Put State Department and FAA Operations at Risk
T-AIMD-98-170: Published: May 19, 1998. Publicly Released: May 19, 1998.
Pursuant to a congressional request, GAO discussed its work on computer security, focusing on the results of its recent reviews of the Department of State and the Federal Aviation Administration (FAA).GAO noted that: (1) the dramatic increase in computer interconnectivity and the popularity of the Internet are offering government agencies unprecedented opportunities to improve operations by reduci...
Information Security: Computer Attacks at Department of Defense Pose Increasing Risks
T-AIMD-96-92: Published: May 22, 1996. Publicly Released: May 22, 1996.
GAO discussed information security procedures at the Department of Defense (DOD). GAO noted that: (1) as many as 250,000 DOD computer systems were attacked in 1995; (2) hackers successfully penetrate DOD computer systems 65 percent of the time; (3) hackers attack DOD computer systems to steal and destroy sensitive data and install reentry devices; (4) these attacks cost the government over half a...