Information systems (31 - 40 of 193 items)
IT Supply Chain: Additional Efforts Needed by National Security-Related Agencies to Address Risks
GAO-12-579T: Published: Mar 27, 2012. Publicly Released: Mar 27, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems and underscores the importance of threat assessments and mitigation. Supply chain threats are present at various phases of a systems development life cycle and could create an unacceptable risk to federal agencies. Key supply chain-related threats includeinstallation of intentionally harmful hardware o...
IT Supply Chain: National Security-Related Agencies Need to Better Address Risks
GAO-12-361: Published: Mar 23, 2012. Publicly Released: Mar 23, 2012.
Reliance on a global supply chain introduces multiple risks to federal information systems. These risks include threats posed by actorssuch as foreign intelligence services or counterfeiterswho may exploit vulnerabilities in the supply chain and thus compromise the confidentiality, integrity, or availability of an end system and the information it contains. This in turn can adversely a...
Cybersecurity: Challenges in Securing the Modernized Electricity Grid
GAO-12-507T: Published: Feb 28, 2012. Publicly Released: Feb 28, 2012.
The threats to systems supporting critical infrastructures are evolving and growing. In a February 2011 testimony, the Director of National Intelligence noted that there had been a dramatic increase in cyber activity targeting U.S. computers and systems in the previous year, including a more than tripling of the volume of malicious software since 2009. Varying types of threats from numerous source...
Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use
GAO-12-92: Published: Dec 9, 2011. Publicly Released: Jan 9, 2012.
A wide variety of cybersecurity guidance is available from national and international organizations for entities within the seven critical infrastructure sectors GAO reviewed--banking and finance; communications; energy; health care and public health; information technology; nuclear reactors, material, and waste; and water. Much of this guidance is tailored to business needs of entities or provide...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements
GAO-12-137: Published: Oct 3, 2011. Publicly Released: Oct 3, 2011.
For many years, GAO has reported that weaknesses in information security can lead to serious consequences--such as intrusions by malicious individuals, compromised networks, and the theft of sensitive information including personally identifiable information--and has identified information security as a governmentwide high-risk area. The Federal Information Security Management Act of 2002 (FISMA)...
Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data
GAO-11-708: Published: Aug 12, 2011. Publicly Released: Aug 12, 2011.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper dis...
Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain
GAO-11-149: Published: Jul 8, 2011. Publicly Released: Aug 8, 2011.
The Department of State (State) has implemented a custom application called iPost and a risk scoring program that is intended to provide continuous monitoring capabilities of information security risk to elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information securit...
Defense Department Cyber Efforts: Definitions, Focal Point, and Methodology Needed for DOD to Develop Full-Spectrum Cyberspace Budget Estimates
GAO-11-695R: Published: Jul 29, 2011. Publicly Released: Jul 29, 2011.
This letter discusses the Department of Defense's (DOD) cyber and information assurance budget for fiscal year 2012 and future years defense spending. The objectives of this review were to (1) assess the extent to which DOD has prepared an overarching budget estimate for full-spectrum cyberspace operations across the department; and (2) identify the challenges DOD has faced in providing such estim...
Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate
GAO-11-605: Published: Jun 28, 2011. Publicly Released: Jul 28, 2011.
Federal agencies increasingly use recently developed Internet technologies that allow individuals or groups to create, organize, comment on, and share online content. The use of these social media services-- including popular Web sites like Facebook, Twitter, and YouTube-- has been endorsed by President Obama and provides opportunities for agencies to more readily share information with and solici...