Information systems (41 - 50 of 57 items)
Critical Infrastructure Protection: Comments on the National Plan for Information Systems Protection
T-AIMD-00-72: Published: Feb 1, 2000. Publicly Released: Feb 1, 2000.
Pursuant to a congressional request, GAO discussed the National Plan for Information Systems Protection, focusing on: (1) a detailed overview of the plan; (2) opportunities for sharpening the plan's proposals for improving the federal government's security programs; and (3) the challenges facing the government in building the public-private partnerships necessary for comprehensive infrastructure p...
Information Security: Responses to Posthearing Questions
AIMD-00-46R: Published: Nov 30, 1999. Publicly Released: Nov 30, 1999.
Pursuant to a congressional request, GAO responded to questions concerning its October 1999 testimony on the information security weaknesses at 22 federal agencies, focusing on: (1) whether GAO has taken the necessary steps since its previous testimony to ensure that identified security lapses at three agencies were quickly and permanently closed; (2) how agencies are addressing and responding to...
Information Security: Weaknesses at 22 Agencies
AIMD-00-32R: Published: Nov 10, 1999. Publicly Released: Nov 10, 1999.
Pursuant to a congressional request, GAO reviewed computer security weaknesses within 22 federal agencies' operations.GAO noted that: (1) the Department of Agriculture's National Finance Center had serious access control weaknesses that affected its ability to prevent or detect unauthorized changes to payroll and other payment data or computer software; (2) the Department of Commerce Inspector Gen...
Information Security: SSA's Computer Intrusion Detection Capabilities
AIMD-00-16R: Published: Oct 27, 1999. Publicly Released: Oct 27, 1999.
GAO reviewed the Social Security Administration's (SSA) computing environment, focusing on its policies, procedures, and techniques designed to detect, respond to, and report on incidents of computer intrusion and misuse.GAO noted that: (1) while SSA has a basic system and network management policies and procedures that provide a foundation for more effective intrusion and misuse detection capabil...
Critical Infrastructure Protection: Fundamental Improvements Needed to Assure Security of Federal Operations
T-AIMD-00-7: Published: Oct 6, 1999. Publicly Released: Oct 6, 1999.
Pursuant to a congressional request, GAO discussed the computer security aspects of critical infrastructure protection, focusing on federal agency performance in addressing computer security issues.GAO noted that: (1) reports issued by GAO and various Inspectors General over the last 5 years describe persistent computer security weaknesses that place federal operations at risk of disruption, fraud...
Information Security: The Proposed Computer Security Enhancement Act of 1999
T-AIMD-99-302: Published: Sep 30, 1999. Publicly Released: Sep 30, 1999.
Pursuant to a congressional request, GAO discussed the proposed Computer Security Enhancement Act of 1999 (H.R. 2413), focusing on: (1) the urgent need to strengthen computer security across the federal government; (2) the current and future privacy concerns with any computer security legislation; (3) GAO's views on the proposed act; and (4) what can be done to further strengthen security program...
DOD Information Security: Serious Weaknesses Continue to Place Defense Operations at Risk
AIMD-99-107: Published: Aug 26, 1999. Publicly Released: Aug 26, 1999.
GAO updated its previous report on the security of the Department of Defense's (DOD) information systems, focusing on DOD's efforts to: (1) address specific weaknesses identified in GAO's 1996 reports; and (2) develop a comprehensive departmentwide information security program.GAO noted that: (1) serious weaknesses in DOD information security continue to provide both hackers and hundreds of thousa...
Information Security: Answers to Posthearing Questions
AIMD-99-272R: Published: Aug 9, 1999. Publicly Released: Aug 9, 1999.
Pursuant to a congressional request, GAO responded to congressional questions regarding its June 24, 1999, testimony on the need for stronger information security management, focusing on: (1) the effectiveness of federal agencies' implementation of the 1987 Computer Security Act; (2) what gaps the Presidential Decision Directive (PDD) No. 63 will fill within existing federal programs that would im...
Information Security Risk Assessment: Practices of Leading Organizations (Exposure Draft)
AIMD-99-139: Published: Aug 1, 1999. Publicly Released: Aug 1, 1999.
GAO published a guide to aid federal managers in implementing an ongoing information security risk assessment process. GAO provided case studies of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessment practices...
Information Security: Recent Attacks on Federal Web Sites Underscore Need for Stronger Information Security Management
T-AIMD-99-223: Published: Jun 24, 1999. Publicly Released: Jun 24, 1999.
Pursuant to a congressional request, GAO discussed the recent break-ins of federal web sites.GAO noted that: (1) the recent series of attacks on federal web sites have primarily focused on defacing, or vandalizing web site content or initiating denial of service attacks in order to crash servers; (2) fortunately, the consequences of recent attacks on federal web sites have been largely confined to...