Information management (21 - 30 of 46 items)
Information Security: Protecting Personally Identifiable Information
GAO-08-343: Published: Jan 25, 2008. Publicly Released: Feb 22, 2008.
The loss of personally identifiable information can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information. As shown in prior GAO reports, compromises to such information and long-standing weaknesses in federal information security raise important questions about what steps federal agencies should take t...
Veterans Affairs: Sustained Management Commitment and Oversight Are Essential to Completing Information Technology Realignment and Strengthening Information Security
GAO-07-1264T: Published: Sep 26, 2007. Publicly Released: Sep 26, 2007.
The Department of Veterans Affairs (VA) has encountered numerous challenges in managing its information technology (IT) and securing its information systems. In October 2005, the department initiated a realignment of its IT program to provide greater authority and accountability over its resources. The May 2006 security incident highlighted the need for additional actions to secure personal inform...
Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs
GAO-07-1019: Published: Sep 7, 2007. Publicly Released: Sep 19, 2007.
In May 2006, the Department of Veterans Affairs (VA) announced that computer equipment containing personal information on approximately 26.5 million veterans and active duty military personnel had been stolen. Given the importance of information technology (IT) to VA's mission, effective information security controls are critical to maintaining public and veteran confidence in its ability to prote...
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing
GAO-07-65: Published: Oct 20, 2006. Publicly Released: Nov 20, 2006.
Agencies rely extensively on computerized information systems and electronic data to carry out their missions. To ensure the security of the information and information systems that support critical operations and infrastructure, federal law and policy require agencies to periodically test and evaluate the effectiveness of their information security controls at least annually. GAO was asked to eva...
Managing Sensitive Information: DOJ Needs a More Complete Staffing Strategy for Managing Classified Information and a Set of Internal Controls for Other Sensitive Information
GAO-07-83: Published: Oct 20, 2006. Publicly Released: Nov 20, 2006.
The September 11 attacks showed that agencies must balance the need to protect and share sensitive information to prevent future attacks. Agencies classify this information or designate it sensitive but unclassified to protect and limit access to it. The National Archives' Information Security Oversight Office (ISOO) assesses agencies' classification management programs, and in July 2004 and April...
Privacy: Preventing and Responding to Improper Disclosures of Personal Information
GAO-06-833T: Published: Jun 8, 2006. Publicly Released: Jun 8, 2006.
The recent security breach at the Department of Veterans Affairs, in which personal data on millions of veterans were compromised, has highlighted the importance of the federal government's processes for protecting personal information. As the federal government obtains and processes information about individuals in increasingly diverse ways, it remains critically important that it properly protec...
Information Assurance: National Partnership Offers Benefits, but Faces Considerable Challenges
GAO-06-392: Published: Mar 24, 2006. Publicly Released: Mar 24, 2006.
In 1997, the National Security Agency and the National Institute of Standards and Technology formed the National Information Assurance Partnership (NIAP) to boost federal agencies' and consumers' confidence in information security products manufactured by vendors. To facilitate this goal, NIAP developed a national program that requires accredited laboratories to independently evaluate and validate...
Managing Sensitive Information: DOE and DOD Could Improve Their Policies and Oversight
GAO-06-531T: Published: Mar 14, 2006. Publicly Released: Mar 14, 2006.
In the interest of national security and personal privacy and for other reasons, federal agencies place dissemination restrictions on information that is unclassified yet still sensitive. The Department of Energy (DOE) and the Department of Defense (DOD) have both issued policy guidance on how and when to protect sensitive information. DOE marks documents with this information as Official Use Only...
Information Security: Software Change Controls at the Department of Agriculture
AIMD-00-186R: Published: Jun 30, 2000. Publicly Released: Jun 30, 2000.
Pursuant to a congressional request, GAO reviewed software change controls at the Department of Agriculture (USDA), focusing on: (1) whether key controls as described in agency policies and procedures regarding software change authorization, testing, and approval complied with federal guidance; and (2) the extent to which agencies contracted for year 2000 remediation of mission-critical systems an...