Cyber security (31 - 38 of 38 items)
Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems
GAO-05-231: Published: May 13, 2005. Publicly Released: Jun 13, 2005.
Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors...
Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements
GAO-04-483T: Published: Mar 16, 2004. Publicly Released: Mar 16, 2004.
For many years, GAO has reported on the widespread negative impact of poor information security within federal agencies and has identified it as a governmentwide high-risk issue since 1997. Legislation designed to improve information security was enacted in October 2000. It was strengthened in December 2002 by new legislation, the Federal Information Security Management Act of 2002 (FISMA), which...
Information Security: Technologies to Secure Federal Systems
GAO-04-467: Published: Mar 9, 2004. Publicly Released: Mar 16, 2004.
Federal agencies rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and date is essential to preventing data tampering, disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Congress and the executive branch have taken actions to address this challenge, such as enacting and...
Information Security: Effective Patch Management is Critical to Mitigating Software Vulnerabilities
GAO-03-1138T: Published: Sep 10, 2003. Publicly Released: Sep 10, 2003.
Attacks on computer systems--in government and the private sector--are increasing at an alarming rate, placing both federal and private-sector operations and assets at considerable risk. By exploiting software vulnerabilities, hackers can cause significant damage. While patches, or software fixes, for these vulnerabilities are often well publicized and available, they are frequently not quickly or...
Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan
AIMD-00-217: Published: Aug 10, 2000. Publicly Released: Sep 11, 2000.
Pursuant to a congressional request, GAO provided information on the steps the Department of Agriculture (USDA) is taking to help ensure departmentwide information systems security.GAO noted that: (1) USDA has taken positive steps to begin improving its information security by developing its August 1999 Action Plan with recommendations to strengthen departmentwide information security and hiring a...
Critical Infrastructure Protection: Comments on the Proposed Cyber Security Information Act of 2000
T-AIMD-00-229: Published: Jun 22, 2000. Publicly Released: Jun 22, 2000.
Pursuant to a congressional request, GAO discussed the proposed Cyber Security Information Act of 2000 (H.R. 4246), focusing on how it can enhance critical infrastructure protection and the formidable challenges involved with achieving the goals of the bill.GAO noted that: (1) by removing key barriers that are precluding private industry from sharing information about infrastructure threats and vu...
Information Security: Many NASA Missions-Critical Systems Face Serious Risks
AIMD-99-47: Published: May 20, 1999. Publicly Released: May 20, 1999.
Pursuant to a congressional request, GAO provided information on the National Aeronautics and Space Administration's (NASA) information security program, focusing on: (1) whether NASA's mission-critical information systems are vulnerable to unauthorized access; (2) whether NASA is effectively managing information systems security; and (3) what NASA is doing to address the risk of unauthorized acce...
Computer Security Research and Training Act of 1985, H.R. 2889
128276: Oct 30, 1985
GAO provided its views on H.R. 2889, the Computer Security Research and Training Act of 1985. Information stored in government computers and transmitted over connecting networks is vulnerable to unauthorized access and disclosure, fraudulent manipulation, and disruption. GAO endorsed the bill's purpose in requiring that: (1) the National Bureau of Standards (NBS) establish and conduct a computer s...