Cyber security (11 - 20 of 48 items)
Information Security: Federal Agencies Need to Enhance Responses to Data Breaches
GAO-14-487T: Published: Apr 2, 2014. Publicly Released: Apr 2, 2014.
The number of reported information security incidents involving personally identifiable information (PII) has more than doubled over the last several years (see figure).Information Security Incidents Involving PII, Fiscal Years 2009 – 2013As GAO has previously reported, major federal agencies continue to face challenges in fully implementing all components of an agency-wide information security...
Cybersecurity: A Better Defined and Implemented National Strategy Is Needed to Address Persistent Challenges
GAO-13-462T: Published: Mar 7, 2013. Publicly Released: Mar 7, 2013.
The federal government continues to face challenges in a number of key areas in effectively implementing cybersecurity; these challenge areas include the following, among others:Designing and implementing risk-based cybersecurity programs at federal agencies. Shortcomings persist in assessing risks, developing and implementing security programs, and monitoring results at federal agencies. This is...
Cybersecurity: Threats Impacting the Nation
GAO-12-666T: Published: Apr 24, 2012. Publicly Released: Apr 24, 2012.
The nation faces an evolving array of cyber-based threats arising from a variety of sources. These threats can be intentional or unintentional. Unintentional threats can be caused by software upgrades or defective equipment that inadvertently disrupt systems, and intentional threats can be both targeted and untargeted attacks from a variety of threat sources. Sources of threats include criminal gr...
IT Supply Chain: Additional Efforts Needed by National Security-Related Agencies to Address Risks
GAO-12-579T: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a systems development life cycle and could create an unacceptable risk to federal agencies. Key supply chain-related threats includeinstallation of intentionally harmful hardware o...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure
GAO-11-865T: Published: Jul 26, 2011. Publicly Released: Jul 26, 2011.
Increasing computer interconnectivity, such as the growth of the Internet, has revolutionized the way our government, our nation, and much of the world communicate and conduct business. However, this widespread interconnectivity poses significant risks to the government's and the nation's computer systems, and to the critical infrastructures they support. These critical infrastructures include sys...
Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing
GAO-10-855T: Published: Jul 1, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal...
Cybersecurity: Continued Attention Is Needed to Protect Federal Information Systems from Evolving Threats
GAO-10-834T: Published: Jun 16, 2010. Publicly Released: Jun 16, 2010.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent testimony, the Director of National Intelligence highlighted that many nation states, terrorist networks, and organized criminal groups have the capability to target elements of the United States information infrastructure for intelligence colle...
Information Security: Veterans Affairs Needs to Resolve Long-Standing Weaknesses
GAO-10-727T: Published: May 19, 2010. Publicly Released: May 19, 2010.
Since 1997, GAO has identified information security as a governmentwide high-risk issue. This has been particularly true at the Department of Veterans Affairs (VA), where the department has been challenged in protecting the availability, confidentiality, and integrity of its information and systems. Since the 1990s, GAO has highlighted the challenges the department has faced, including the need to...
Information Security: Concerted Effort Needed to Consolidate and Secure Internet Connections at Federal Agencies
GAO-10-237: Published: Mar 12, 2010. Publicly Released: Apr 12, 2010.
To reduce the threat to federal systems and operations posed by cyber attacks on the United States, the Office of Management and Budget (OMB) launched, in November 2007, the Trusted Internet Connections (TIC) initiative, and later, in 2008, the Department of Homeland Security's (DHS) National Cybersecurity Protection System (NCPS), operationally known as Einstein, became mandatory for federal agen...