Information technology (61 - 70 of 95 items)
Veterans Affairs: Sustained Management Commitment and Oversight Are Essential to Completing Information Technology Realignment and Strengthening Information Security
GAO-07-1264T: Published: Sep 26, 2007. Publicly Released: Sep 26, 2007.
The Department of Veterans Affairs (VA) has encountered numerous challenges in managing its information technology (IT) and securing its information systems. In October 2005, the department initiated a realignment of its IT program to provide greater authority and accountability over its resources. The May 2006 security incident highlighted the need for additional actions to secure personal inform...
Information Security: Sustained Management Commitment and Oversight Are Vital to Resolving Long-standing Weaknesses at the Department of Veterans Affairs
GAO-07-1019: Published: Sep 7, 2007. Publicly Released: Sep 19, 2007.
In May 2006, the Department of Veterans Affairs (VA) announced that computer equipment containing personal information on approximately 26.5 million veterans and active duty military personnel had been stolen. Given the importance of information technology (IT) to VA's mission, effective information security controls are critical to maintaining public and veteran confidence in its ability to prote...
Privacy: Lessons Learned about Data Breach Notification
GAO-07-657: Published: Apr 30, 2007. Publicly Released: Apr 30, 2007.
A May 2006 data breach at the Department of Veterans Affairs (VA) and other similar incidents since then have heightened awareness of the importance of protecting computer equipment containing personally identifiable information and responding effectively to a breach that poses privacy risks. GAO's objective was to identify lessons learned from the VA data breach and other similar federal data bre...
Information Security: Sustained Progress Needed to Strengthen Controls at the Securities and Exchange Commission
GAO-07-256: Published: Mar 27, 2007. Publicly Released: Mar 27, 2007.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misu...
Information Security: Veterans Affairs Needs to Address Long-Standing Weaknesses
GAO-07-532T: Published: Feb 28, 2007. Publicly Released: Feb 28, 2007.
Security breaches at the Department of Veterans Affairs (VA) and other public and private organizations have highlighted the importance of well-designed and implemented information security programs. GAO was asked to testify on its past work on VA's information security program, as well as ongoing reviews that it is conducting at VA. In developing its testimony, GAO drew on over 15 of its previous...
Information Security: Agencies Need to Develop and Implement Adequate Policies for Periodic Testing
GAO-07-65: Published: Oct 20, 2006. Publicly Released: Nov 20, 2006.
Agencies rely extensively on computerized information systems and electronic data to carry out their missions. To ensure the security of the information and information systems that support critical operations and infrastructure, federal law and policy require agencies to periodically test and evaluate the effectiveness of their information security controls at least annually. GAO was asked to eva...
Information Security: Coordination of Federal Cyber Security Research and Development
GAO-06-811: Published: Sep 29, 2006. Publicly Released: Oct 31, 2006.
Research and development (R&D) of cyber security technology is essential to creating a broader range of choices and more robust tools for building secure, networked computer systems in the federal government and in the private sector. The National Strategy to Secure Cyberspace identifies national priorities to secure cyberspace, including a federal R&D agenda. GAO was asked to identify the (1) fed...
Information Assurance: National Partnership Offers Benefits, but Faces Considerable Challenges
GAO-06-392: Published: Mar 24, 2006. Publicly Released: Mar 24, 2006.
In 1997, the National Security Agency and the National Institute of Standards and Technology formed the National Information Assurance Partnership (NIAP) to boost federal agencies' and consumers' confidence in information security products manufactured by vendors. To facilitate this goal, NIAP developed a national program that requires accredited laboratories to independently evaluate and validate...
Information Security: Key Considerations Related to Federal Implementation of Radio Frequency Identification Technology
GAO-05-849T: Published: Jun 22, 2005. Publicly Released: Jun 22, 2005.
Radio frequency identification (RFID) is an automated data-capture technology that can be used to electronically identify, track, and store information contained on a tag that is attached to or embedded in an object, such as a product, case, or pallet. Federal agencies have begun implementation of RFID technology, which can offer them new capabilities and efficiencies in operations. For example, t...
Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems
GAO-05-231: Published: May 13, 2005. Publicly Released: Jun 13, 2005.
Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors...