Information technology (51 - 60 of 70 items)
Information Security: Veterans Affairs Needs to Address Long-Standing Weaknesses
GAO-07-532T: Published: Feb 28, 2007. Publicly Released: Feb 28, 2007.
Security breaches at the Department of Veterans Affairs (VA) and other public and private organizations have highlighted the importance of well-designed and implemented information security programs. GAO was asked to testify on its past work on VA's information security program, as well as ongoing reviews that it is conducting at VA. In developing its testimony, GAO drew on over 15 of its previous...
Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing
GAO-07-65: Published: Oct 20, 2006. Publicly Released: Nov 20, 2006.
Agencies rely extensively on computerized information systems and electronic data to carry out their missions. To ensure the security of the information and information systems that support critical operations and infrastructure, federal law and policy require agencies to periodically test and evaluate the effectiveness of their information security controls at least annually. GAO was asked to eva...
Information Assurance: National Partnership Offers Benefits, but Faces Considerable Challenges
GAO-06-392: Published: Mar 24, 2006. Publicly Released: Mar 24, 2006.
In 1997, the National Security Agency and the National Institute of Standards and Technology formed the National Information Assurance Partnership (NIAP) to boost federal agencies' and consumers' confidence in information security products manufactured by vendors. To facilitate this goal, NIAP developed a national program that requires accredited laboratories to independently evaluate and validate...
Information Security: Key Considerations Related to Federal Implementation of Radio Frequency Identification Technology
GAO-05-849T: Published: Jun 22, 2005. Publicly Released: Jun 22, 2005.
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which can offer them new capabilities and efficiencies in operations. For example, t...
Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems
GAO-05-231: Published: May 13, 2005. Publicly Released: Jun 13, 2005.
Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors...
Information Security: Radio Frequency Identification Technology in the Federal Government
GAO-05-551: Published: May 27, 2005. Publicly Released: May 27, 2005.
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which offers them new capabilities and efficiencies in operations. The reduced cost...
Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk
GAO-05-362: Published: Apr 22, 2005. Publicly Released: May 23, 2005.
The federal government increasingly relies on information technology (IT) systems to provide essential services affecting the health, economy, and defense of the nation. To assist in providing these important services, the federal government relies extensively on contractors to provide IT services and systems. In addition to contractors that provide systems and services to the federal government,...
Information Security: Federal Agencies Need to Improve Controls over Wireless Networks
GAO-05-383: Published: May 17, 2005. Publicly Released: May 17, 2005.
The use of wireless networks is becoming increasingly popular. Wireless networks extend the range of traditional wired networks by using radio waves to transmit data to wireless-enabled devices such as laptops. They can offer federal agencies many potential benefits but they are difficult to secure. GAO was asked to study the security of wireless networks operating within federal facilities. This...
Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements
GAO-05-483T: Published: Apr 7, 2005. Publicly Released: Apr 7, 2005.
For many years, GAO has reported that poor information security is a widespread problem that has potentially devastating consequences. Further, since 1997, GAO has identified information security as a governmentwide high-risk issue in reports to Congress--most recently in January 2005. Concerned with accounts of attacks on commercial systems via the Internet and reports of significant weaknesses i...
Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes
GAO-04-816T: Published: Jun 2, 2004. Publicly Released: Jun 2, 2004.
Flaws in software code can introduce vulnerabilities that may be exploited to cause significant damage to federal information systems. Such risks continue to grow with the increasing speed, sophistication, and volume of reported attacks, as well as the decreasing period of the time from vulnerability announcement to attempted exploits. The process of applying software patches to fix flaws--patch m...