Information security (11 - 20 of 265 items)
Information Security: Opportunities Exist for SEC to Improve Its Controls over Financial Systems and Data
GAO-16-493: Published: Apr 28, 2016. Publicly Released: Apr 28, 2016.
The Securities and Exchange Commission (SEC) improved its information security by addressing weaknesses previously identified by GAO, including separating the user production network from the internal management network. However, weaknesses continue to limit the effectiveness of other security controls. In particular:While SEC had issued policies and implemented controls based on those policies, i...
Information Security: IRS Needs to Further Enhance Controls over Taxpayer and Financial Data
GAO-16-590T: Published: Apr 14, 2016. Publicly Released: Apr 14, 2016.
In March 2016 GAO reported that the Internal Revenue Service (IRS) had instituted numerous controls over key financial and tax processing systems; however, it had not always effectively implemented safeguards intended to properly restrict access to systems and information. In particular, while IRS had improved some of its access controls, weaknesses remained with identifying and authenticating use...
Information Security: IRS Needs to Further Improve Controls over Taxpayer Data and Continue to Combat Identity Theft Refund Fraud
GAO-16-589T: Published: Apr 12, 2016. Publicly Released: Apr 12, 2016.
In March 2016, GAO reported that the Internal Revenue Service (IRS) had instituted numerous controls over key financial and tax processing systems; however, it had not always effectively implemented other controls intended to properly restrict access to systems and information, among other security measures. In particular, while IRS had improved some of its access controls, weaknesses remained in...
Information Security: IRS Needs to Further Improve Controls over Financial and Taxpayer Data
GAO-16-398: Published: Mar 28, 2016. Publicly Released: Mar 28, 2016.
The Internal Revenue Service (IRS) made progress in implementing information security controls; however, weaknesses in the controls limited their effectiveness in protecting the confidentiality, integrity, and availability of financial and sensitive taxpayer data. During fiscal year 2015, IRS continued to devote attention to securing its information systems that process sensitive taxpayer and fina...
Healthcare.gov: Actions Needed to Enhance Information Security and Privacy Controls
GAO-16-265: Published: Mar 23, 2016. Publicly Released: Mar 23, 2016.
The Centers for Medicare & Medicaid Services (CMS) reported 316 security-related incidents, between October 2013 and March 2015, affecting Healthcare.gov—the web portal for the federal health insurance marketplace—and its supporting systems. According to GAO's review of CMS records for this period, the majority of these incidents involved such things as electronic probing of CMS systems by pot...
Information Security: DHS Needs to Enhance Capabilities, Improve Planning, and Support Greater Adoption of Its National Cybersecurity Protection System
GAO-16-294: Published: Jan 28, 2016. Publicly Released: Jan 28, 2016.
The Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS) is partially, but not fully, meeting its stated system objectives:Intrusion detection: NCPS provides DHS with a limited ability to detect potentially malicious activity entering and exiting computer networks at federal agencies. Specifically, NCPS compares network traffic to known patterns of malicious data...
Information Security: Department of Education and Other Federal Agencies Need to Better Implement Controls
GAO-16-228T: Published: Nov 17, 2015. Publicly Released: Nov 17, 2015.
Cyber-based risks to federal systems and information can come from unintentional threats, such as natural disasters, software coding errors, and poorly trained or careless employees, or intentional threats, such as disgruntled insiders, hackers, or hostile nations. These threat sources may exploit vulnerabilities in agencies' systems and networks to steal or disclose sensitive information, among o...
Information Security: Federal Agencies Need to Better Protect Sensitive Data
GAO-16-194T: Published: Nov 17, 2015. Publicly Released: Nov 17, 2015.
Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from software coding errors or the actions of careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, terrorists, disgruntled employees or other organizational insiders, among others. These concerns are further...
Federal Information Security: Agencies Need to Correct Weaknesses and Fully Implement Security Programs
GAO-15-714: Published: Sep 29, 2015. Publicly Released: Sep 29, 2015.
Persistent weaknesses at 24 federal agencies illustrate the challenges they face in effectively applying information security policies and practices. Most agencies continue to have weaknesses in (1) limiting, preventing, and detecting inappropriate access to computer resources; (2) managing the configuration of software and hardware; (3) segregating duties to ensure that a single individual does n...
Information Security: Cyber Threats and Data Breaches Illustrate Need for Stronger Controls across Federal Agencies
GAO-15-758T: Published: Jul 8, 2015. Publicly Released: Jul 8, 2015.
Federal systems face an evolving array of cyber-based threats. These threats can be unintentional—for example, from equipment failure or careless or poorly trained employees; or intentional—targeted or untargeted attacks from criminals, hackers, adversarial nations, or terrorists, among others. Threat actors use a variety of attack techniques that can adversely affect federal information, comp...