Risk management (11 - 20 of 21 items)
Federal Reserve Banks: Areas for Improvement in Information Security Controls
GAO-08-836R: Published: Jun 16, 2008. Publicly Released: Jun 16, 2008.
In connection with fulfilling our requirement to audit the financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2007 and 2006. As part of these audits, we performed a review of the general and application information security controls over key financial systems m...
Information Security: FDIC Sustains Progress but Needs to Improve Configuration Management of Key Financial Systems
GAO-08-564: Published: May 30, 2008. Publicly Released: May 30, 2008.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Effective information security controls are essential to ensure that FDIC systems and information are adequately protected from inadvertent misuse, fraudulent, or improper disclosure. As part of its audit of FDIC's 2007 financial stat...
Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist
GAO-08-571T: Published: Mar 12, 2008. Publicly Released: Mar 12, 2008.
Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of our biennial reports to Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed the F...
Information Security: Protecting Personally Identifiable Information
GAO-08-343: Published: Jan 25, 2008. Publicly Released: Feb 22, 2008.
The loss of personally identifiable information can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information. As shown in prior GAO reports, compromises to such information and long-standing weaknesses in federal information security raise important questions about what steps federal agencies should take t...
Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies
GAO-08-496T: Published: Feb 14, 2008. Publicly Released: Feb 14, 2008.
Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of its biennial reports to the Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed t...
Information Security: Persistent Weaknesses Highlight Need for Further Improvement
GAO-07-751T: Published: Apr 19, 2007. Publicly Released: Apr 19, 2007.
For many years, GAO has reported that weaknesses in information security are a widespread problem with potentially devastating consequences--such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue. Concerned by reports of signific...
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Securities and Exchange Commission Needs to Continue to Improve Its Program
GAO-06-408: Published: Mar 31, 2006. Publicly Released: Mar 31, 2006.
The Securities and Exchange Commission (SEC) has a demanding responsibility enforcing securities laws, regulating the securities markets, and protecting investors. In enforcing these laws, SEC issues rules and regulations to provide protection for investors and to help ensure that the securities markets are fair and honest. It relies extensively on computerized systems to support its financial and...
Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk
GAO-05-362: Published: Apr 22, 2005. Publicly Released: May 23, 2005.
The federal government increasingly relies on information technology (IT) systems to provide essential services affecting the health, economy, and defense of the nation. To assist in providing these important services, the federal government relies extensively on contractors to provide IT services and systems. In addition to contractors that provide systems and services to the federal government,...
Information Security: Federal Deposit Insurance Corporation Needs to Sustain Progress
GAO-05-486: Published: May 19, 2005. Publicly Released: May 19, 2005.
The Federal Deposit Insurance Corporation (FDIC) relies extensively on computerized systems to support its financial and mission-related operations. As part of GAO's audit of the calendar year 2004 financial statements for the three funds administered by FDIC, GAO assessed (1) the progress FDIC has made in correcting or mitigating information system control weaknesses identified in our audits for...