Information technology (71 - 80 of 95 items)
Information Security: Radio Frequency Identification Technology in the Federal Government
GAO-05-551: Published: May 27, 2005. Publicly Released: May 27, 2005.
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which offers them new capabilities and efficiencies in operations. The reduced cost...
Information Security: Improving Oversight of Access to Federal Systems and Data by Contractors Can Reduce Risk
GAO-05-362: Published: Apr 22, 2005. Publicly Released: May 23, 2005.
The federal government increasingly relies on information technology (IT) systems to provide essential services affecting the health, economy, and defense of the nation. To assist in providing these important services, the federal government relies extensively on contractors to provide IT services and systems. In addition to contractors that provide systems and services to the federal government,...
Information Security: Federal Agencies Need to Improve Controls over Wireless Networks
GAO-05-383: Published: May 17, 2005. Publicly Released: May 17, 2005.
The use of wireless networks is becoming increasingly popular. Wireless networks extend the range of traditional wired networks by using radio waves to transmit data to wireless-enabled devices such as laptops. They can offer federal agencies many potential benefits but they are difficult to secure. GAO was asked to study the security of wireless networks operating within federal facilities. This...
Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements
GAO-05-483T: Published: Apr 7, 2005. Publicly Released: Apr 7, 2005.
For many years, GAO has reported that poor information security is a widespread problem that has potentially devastating consequences. Further, since 1997, GAO has identified information security as a governmentwide high-risk issue in reports to Congress--most recently in January 2005. Concerned with accounts of attacks on commercial systems via the Internet and reports of significant weaknesses i...
Information Security: Agencies Need to Implement Consistent Processes In Authorizing Systems for Operation
GAO-04-376: Published: Jun 28, 2004. Publicly Released: Jul 28, 2004.
The Office of Management and Budget (OMB) requires agencies to certify the security controls of their information systems and to formally authorize and accept the risk associated with their operation (a process known as accreditation). These processes support requirements of the Federal Information Security Management Act of 2002 (FISMA). Further, OMB requires agencies to report the number of syst...
Information Security: Agencies Face Challenges in Implementing Effective Software Patch Management Processes
GAO-04-816T: Published: Jun 2, 2004. Publicly Released: Jun 2, 2004.
Flaws in software code can introduce vulnerabilities that may be exploited to cause significant damage to federal information systems. Such risks continue to grow with the increasing speed, sophistication, and volume of reported attacks, as well as the decreasing period of the time from vulnerability announcement to attempted exploits. The process of applying software patches to fix flaws--patch m...
Information Security: Continued Action Needed to Improve Software Patch Management
GAO-04-706: Published: Jun 2, 2004. Publicly Released: Jun 2, 2004.
Flaws in software code can introduce vulnerabilities that may be exploited to cause significant damage to federal information systems. Such risks continue to grow with the increasing speed, sophistication, and volume of reported attacks, as well as the decreasing period of the time from vulnerability announcement to attempted exploits. The process of applying software patches to fix flaws, referre...
Information Security: Information System Controls at the Federal Deposit Insurance Corporation
GAO-04-630: Published: May 28, 2004. Publicly Released: May 28, 2004.
Effective controls over information systems are essential to ensuring the protection of financial and personnel information and the security and reliability of bank examination data maintained by the Federal Deposit Insurance Corporation (FDIC). As part of our calendar year 2003 financial statement audits of three FDIC Funds, GAO assessed the effectiveness of the corporation's general controls on...
Technology Assessment: Cybersecurity for Critical Infrastructure Protection
GAO-04-321: Published: May 28, 2004. Publicly Released: May 28, 2004.
Computers are crucial to the operations of government and business. Computers and networks essentially run the critical infrastructures that are vital to our national defense, economic security, and public health and safety. Unfortunately, many computer systems and networks were not designed with security in mind. As a result, the core of our critical infrastructure is riddled with vulnerabilities...
Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems
GAO-04-628T: Published: Mar 30, 2004. Publicly Released: Mar 30, 2004.
Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. At the request...