Information security (31 - 40 of 141 items)
Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements
GAO-12-137: Published: Oct 3, 2011. Publicly Released: Oct 3, 2011.
For many years, GAO has reported that weaknesses in information security can lead to serious consequences--such as intrusions by malicious individuals, compromised networks, and the theft of sensitive information including personally identifiable information--and has identified information security as a governmentwide high-risk area. The Federal Information Security Management Act of 2002 (FISMA)...
Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data
GAO-11-708: Published: Aug 12, 2011. Publicly Released: Aug 12, 2011.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper dis...
Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain
GAO-11-149: Published: Jul 8, 2011. Publicly Released: Aug 8, 2011.
The Department of State (State) has implemented a custom application called iPost and a risk scoring program that is intended to provide continuous monitoring capabilities of information security risk to elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information securit...
Social Media: Federal Agencies Need Policies and Procedures for Managing and Protecting Information They Access and Disseminate
GAO-11-605: Published: Jun 28, 2011. Publicly Released: Jul 28, 2011.
Federal agencies increasingly use recently developed Internet technologies that allow individuals or groups to create, organize, comment on, and share online content. The use of these social media services-- including popular Web sites like Facebook, Twitter, and YouTube-- has been endorsed by President Obama and provides opportunities for agencies to more readily share information with and solici...
Information Security: Federal Deposit Insurance Corporation Needs to Mitigate Control Weaknesses
GAO-11-29: Published: Nov 30, 2010. Publicly Released: Nov 30, 2010.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of its work, the corporation must employ strong information security controls to ensure that its information systems are adequately protected from inadvertent misuse, fraud, and improper disclosure. As part o...
Information Security: National Archives and Records Administration Needs to Implement Key Program Elements and Controls
GAO-11-20: Published: Oct 21, 2010. Publicly Released: Oct 27, 2010.
The National Archives and Records Administration (NARA) is responsible for preserving access to government documents and other records of historical significance and overseeing records management throughout the federal government. NARA relies on the use of information systems to receive, process, store, and track government records. As such, NARA is tasked with preserving and maintaining access to...
Information Security: Progress Made on Harmonizing Policies and Guidance for National Security and Non-National Security Systems
GAO-10-916: Published: Sep 15, 2010. Publicly Released: Sep 15, 2010.
Historically, civilian and national security-related information technology (IT) systems have been governed by different information security policies and guidance. Specifically, the Office of Management and Budget and the Department of Commerce's National Institute of Standards and Technology (NIST) established policies and guidance for civilian non-national security systems, while other organiza...
Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing
GAO-10-855T: Published: Jul 1, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal...
Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing
GAO-10-513: Published: May 27, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to (1) identify the models of cloud computing, (2) identify the in...
Cybersecurity: Continued Attention Is Needed to Protect Federal Information Systems from Evolving Threats
GAO-10-834T: Published: Jun 16, 2010. Publicly Released: Jun 16, 2010.
Pervasive and sustained cyber attacks continue to pose a potentially devastating threat to the systems and operations of the federal government. In recent testimony, the Director of National Intelligence highlighted that many nation states, terrorist networks, and organized criminal groups have the capability to target elements of the United States information infrastructure for intelligence colle...