Risk management (31 - 40 of 45 items)
Information Security: FDIC Sustains Progress but Needs to Improve Configuration Management of Key Financial Systems
GAO-08-564: Published: May 30, 2008. Publicly Released: May 30, 2008.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Effective information security controls are essential to ensure that FDIC systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper disclosure. As part of its audit of FDIC's 2007 financial stat...
Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist
GAO-08-571T: Published: Mar 12, 2008. Publicly Released: Mar 12, 2008.
Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of our biennial reports to Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed the F...
Information Security: Protecting Personally Identifiable Information
GAO-08-343: Published: Jan 25, 2008. Publicly Released: Feb 22, 2008.
The loss of personally identifiable information can result in substantial harm, embarrassment, and inconvenience to individuals and may lead to identity theft or other fraudulent use of the information. As shown in prior GAO reports, compromises to such information and long-standing weaknesses in federal information security raise important questions about what steps federal agencies should take t...
Information Security: Selected Departments Need to Address Challenges in Implementing Statutory Requirements
GAO-07-528: Published: Aug 31, 2007. Publicly Released: Oct 1, 2007.
The Federal Information Security Management Act of 2002 (FISMA) strengthened security requirements by, among other things, requiring federal agencies to establish programs to provide cost-effective security for information and information systems. In overseeing FISMA implementation, the Office of Management and Budget (OMB) has established supporting processes and reporting requirements. However,...
Veterans Affairs: Sustained Management Commitment and Oversight Are Essential to Completing Information Technology Realignment and Strengthening Information Security
GAO-07-1264T: Published: Sep 26, 2007. Publicly Released: Sep 26, 2007.
The Department of Veterans Affairs (VA) has encountered numerous challenges in managing its information technology (IT) and securing its information systems. In October 2005, the department initiated a realignment of its IT program to provide greater authority and accountability over its resources. The May 2006 security incident highlighted the need for additional actions to secure personal inform...
Information Security: Federal Deposit Insurance Corporation Needs to Sustain Progress Improving Its Program
GAO-07-351: Published: May 18, 2007. Publicly Released: May 18, 2007.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. As part of its audit of the calendar year 2006 financial statements, GAO assessed (1) the progress FDIC has made in correcting or mitigating information security weaknesses previously reported and (2) the effectiveness of FDIC's syste...
Information Security: Persistent Weaknesses Highlight Need for Further Improvement
GAO-07-751T: Published: Apr 19, 2007. Publicly Released: Apr 19, 2007.
For many years, GAO has reported that weaknesses in information security are a widespread problem with potentially devastating consequences--such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue. Concerned by reports of signific...
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Securities and Exchange Commission Needs to Continue to Improve Its Program
GAO-06-408: Published: Mar 31, 2006. Publicly Released: Mar 31, 2006.
The Securities and Exchange Commission (SEC) has a demanding responsibility enforcing securities laws, regulating the securities markets, and protecting investors. In enforcing these laws, SEC issues rules and regulations to provide protection for investors and to help ensure that the securities markets are fair and honest. It relies extensively on computerized systems to support its financial and...
Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk
GAO-05-362: Published: Apr 22, 2005. Publicly Released: May 23, 2005.
The federal government increasingly relies on information technology (IT) systems to provide essential services affecting the health, economy, and defense of the nation. To assist in providing these important services, the federal government relies extensively on contractors to provide IT services and systems. In addition to contractors that provide systems and services to the federal government,...