Information security (41 - 50 of 264 items)
Information Security: IRS Has Improved Controls but Needs to Resolve Weaknesses
GAO-13-350: Published: Mar 15, 2013. Publicly Released: Mar 15, 2013.
IRS continued to make progress in addressing information security control weaknesses, improving its internal control over financial reporting. During fiscal year 2012, IRS management devoted attention and resources to addressing information security controls, and resolved a significant number of the information security control deficiencies that GAO previously reported. Notable among these efforts...
Cybersecurity: A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges
GAO-13-462T: Published: Mar 7, 2013. Publicly Released: Mar 7, 2013.
The federal government continues to face challenges in a number of key areas in effectively implementing cybersecurity; these challenge areas include the following, among others:Designing and implementing risk-based cybersecurity programs at federal agencies. Shortcomings persist in assessing risks, developing and implementing security programs, and monitoring results at federal agencies. This is...
Information Security: Actions Needed by Census Bureau to Address Weaknesses
GAO-13-63: Published: Jan 22, 2013. Publicly Released: Feb 20, 2013.
Although the Census Bureau has taken steps to safeguard the information and systems that support its mission, it has not effectively implemented appropriate information security controls to protect those systems. Many of the deficiencies relate to the security controls used to regulate who or what can access the bureau's systems (access controls). For example, the bureau did not adequately: contro...
Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented
GAO-13-187: Published: Feb 14, 2013. Publicly Released: Feb 14, 2013.
Threats to systems supporting critical infrastructure and federal operations are evolving and growing. Federal agencies have reported increasing numbers of cybersecurity incidents that have placed sensitive information at risk, with potentially serious impacts on federal and military operations; critical infrastructure; and the confidentiality, integrity, and availability of sensitive government,...
Information Security: Federal Communications Commission Needs to Strengthen Controls over Enhanced Secured Network Project
GAO-13-155: Published: Jan 25, 2013. Publicly Released: Feb 1, 2013.
The Federal Communications Commission (FCC) did not effectively implement appropriate information security controls in the initial components of the Enhanced Secured Network (ESN) project. Although FCC took steps to enhance its ability to control and monitor its network for security threats, weaknesses identified in the commission's deployment of components of the ESN project as of August 2012 res...
Medical Devices: FDA Should Expand Its Consideration of Information Security for Certain Types of Devices
GAO-12-816: Published: Aug 31, 2012. Publicly Released: Sep 27, 2012.
Several information security threats exist that can exploit vulnerabilities in active implantable medical devices, but experts caution that efforts to mitigate information security risks may adversely affect device performance. Threats to active devicesthat is, devices that rely on a power source to operatethat also have wireless capability can be unintentional, such as interference fr...
Information Security: Environmental Protection Agency Needs to Resolve Weaknesses
GAO-12-696: Published: Jul 19, 2012. Publicly Released: Aug 20, 2012.
Although the Environmental Protection Agency (EPA) has taken steps to safeguard the information and systems that support its mission, security control weaknesses pervaded its systems and networks, thereby jeopardizing the agencys ability to sufficiently protect the confidentiality, integrity, and availability of its information and systems. The agency did not fully implement access controls,...
Cybersecurity: Threats Impacting the Nation
GAO-12-666T: Published: Apr 24, 2012. Publicly Released: Apr 24, 2012.
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal gr...
IT Supply Chain: Additional Efforts Needed by National Security-Related Agencies to Address Risks
GAO-12-579T: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a systems development life cycle and could create an unacceptable risk to federal agencies. Key supply chain-related threats includeinstallation of intentionally harmful hardware o...
Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-12-393: Published: Mar 16, 2012. Publicly Released: Mar 16, 2012.
IRS implemented numerous controls and procedures intended to protect key financial and tax-processing systems; nevertheless, control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRSs systems. Specifically, the agency continues to face challenges in controlling access to its...