Information security management (61 - 66 of 66 items)
Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements
GAO-03-852T: Published: Jun 24, 2003. Publicly Released: Jun 24, 2003.
Since 1996, GAO has reported that poor information security in the federal government is a widespread problem with potentially devastating consequences. Further, GAO has identified information security as a governmentwide high-risk issue in reports to the Congress since 1997--most recently in January 2003. To strengthen information security practices throughout the federal government, information...
Information Security: Progress Made, But Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructures
GAO-03-564T: Published: Apr 8, 2003. Publicly Released: Apr 8, 2003.
Protecting the computer systems that support federal agencies' operations and our nation's critical infrastructures--such as power distribution, telecommunications, water supply, and national defense--is a continuing concern. These concerns are well-founded for a number of reasons, including the dramatic increases in reported computer security incidents, the ease of obtaining and using hacking too...
Information Security: Comments on the Proposed Federal Information Security Management Act of 2002
GAO-02-677T: Published: May 2, 2002. Publicly Released: May 2, 2002.
The Federal Information Security Management Act of 2002 reauthorizes and expands the information security, evaluation, and reporting requirements enacted in the National Defense Authorization Act for Fiscal Year 2001. Concerned that pervasive information security weaknesses place federal operations at significant risk of disruption, tampering, fraud, and inappropriate disclosures of sensitive info...
Information Security: Weaknesses Place Commerce Data and Operations at Serious Risk
GAO-01-1004T: Published: Aug 3, 2001. Publicly Released: Aug 3, 2001.
This testimony discusses information security controls over computer systems at the Department of Commerce. Dramatic increases in computer interconnectivity, especially in the use of the Internet, are revolutionizing the way the government, the nation, and much of the world communicate and conduct business. However, this widespread interconnectivity also poses significant risks to the nation's com...
Information Security Risk Assessment: Practices of Leading Organizations
AIMD-00-33: Published: Nov 1, 1999. Publicly Released: Nov 1, 1999.
This document is a supplement to GAO's May 1998 executive guide on information security management. It is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessmen...
Information Security: Answers to Posthearing Questions
AIMD-99-272R: Published: Aug 9, 1999. Publicly Released: Aug 9, 1999.
Pursuant to a congressional request, GAO responded to congressional questions regarding its June 24, 1999, testimony on the need for stronger information security management, focusing on: (1) the effectiveness of federal agencies' implementation of the 1987 Computer Security Act; (2) what gaps the Presidential Decision Directive (PDD) No. 63 will fill within existing federal programs that would im...