Risk management (11 - 20 of 68 items)
Information Security: Federal Communications Commission Needs to Strengthen Controls over Enhanced Secured Network Project
GAO-13-155: Published: Jan 25, 2013. Publicly Released: Feb 1, 2013.
The Federal Communications Commission (FCC) did not effectively implement appropriate information security controls in the initial components of the Enhanced Secured Network (ESN) project. Although FCC took steps to enhance its ability to control and monitor its network for security threats, weaknesses identified in the commission's deployment of components of the ESN project as of August 2012 res...
IT Supply Chain: Additional Efforts Needed by National Security-Related Agencies to Address Risks
GAO-12-579T: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a systems development life cycle and could create an unacceptable risk to federal agencies. Key supply chain-related threats includeinstallation of intentionally harmful hardware o...
Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use
GAO-12-92: Published: Dec 9, 2011. Publicly Released: Jan 9, 2012.
A wide variety of cybersecurity guidance is available from national and international organizations for entities within the seven critical infrastructure sectors GAO reviewed--banking and finance; communications; energy; health care and public health; information technology; nuclear reactors, material, and waste; and water. Much of this guidance is tailored to business needs of entities or provide...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements
GAO-12-137: Published: Oct 3, 2011. Publicly Released: Oct 3, 2011.
For many years, GAO has reported that weaknesses in information security can lead to serious consequences--such as intrusions by malicious individuals, compromised networks, and the theft of sensitive information including personally identifiable information--and has identified information security as a governmentwide high-risk area. The Federal Information Security Management Act of 2002 (FISMA)...
Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data
GAO-11-708: Published: Aug 12, 2011. Publicly Released: Aug 12, 2011.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper dis...
Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain
GAO-11-149: Published: Jul 8, 2011. Publicly Released: Aug 8, 2011.
The Department of State (State) has implemented a custom application called iPost and a risk scoring program that is intended to provide continuous monitoring capabilities of information security risk to elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information securit...
Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure
GAO-11-865T: Published: Jul 26, 2011. Publicly Released: Jul 26, 2011.
Increasing computer interconnectivity, such as the growth of the Internet, has revolutionized the way our government, our nation, and much of the world communicate and conduct business. However, this widespread interconnectivity poses significant risks to the government's and the nation's computer systems, and to the critical infrastructures they support. These critical infrastructures include sys...
Information Security: Federal Agencies Have Taken Steps to Secure Wireless Networks, but Further Actions Can Mitigate Risk
GAO-11-43: Published: Nov 30, 2010. Publicly Released: Nov 30, 2010.
Over the past several years, federal agencies have rapidly adopted the use of wireless technologies for their information systems. In a 2005 report, GAO recommended that the Office of Management and Budget (OMB), in its role overseeing governmentwide information security, take several steps to help agencies better secure their wireless networks. GAO was asked to update its prior report by (1) iden...
Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing
GAO-10-855T: Published: Jul 1, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal...