Information resources management (11 - 20 of 21 items)
Information Security: Continued Efforts Needed to Sustain Progress in Implementing Statutory Requirements
GAO-04-483T: Published: Mar 16, 2004. Publicly Released: Mar 16, 2004.
For many years, GAO has reported on the widespread negative impact of poor information security within federal agencies and has identified it as a governmentwide high-risk issue since 1997. Legislation designed to improve information security was enacted in October 2000. It was strengthened in December 2002 by new legislation, the Federal Information Security Management Act of 2002 (FISMA), which...
Information Security: Technologies to Secure Federal Systems
GAO-04-467: Published: Mar 9, 2004. Publicly Released: Mar 16, 2004.
Federal agencies rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and date is essential to preventing data tampering, disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Congress and the executive branch have taken actions to address this challenge, such as enacting and...
Information Security: Challenges in Using Biometrics
GAO-03-1137T: Published: Sep 9, 2003. Publicly Released: Sep 9, 2003.
One of the primary functions of any security system is the control of people into or out of protected areas, such as physical buildings, information systems, and our national border. Technologies called biometrics can automate the identification of people by one or more of their distinct physical or behavioral characteristics. The term biometrics covers a wide range of technologies that can be use...
Information Security: Continued Efforts Needed to Fully Implement Statutory Requirements
GAO-03-852T: Published: Jun 24, 2003. Publicly Released: Jun 24, 2003.
Since 1996, GAO has reported that poor information security in the federal government is a widespread problem with potentially devastating consequences. Further, GAO has identified information security as a governmentwide high-risk issue in reports to the Congress since 1997--most recently in January 2003. To strengthen information security practices throughout the federal government, information...
Information Security: Progress Made, But Challenges Remain to Protect Federal Systems and the Nation's Critical Infrastructures
GAO-03-564T: Published: Apr 8, 2003. Publicly Released: Apr 8, 2003.
Protecting the computer systems that support federal agencies' operations and our nation's critical infrastructures--such as power distribution, telecommunications, water supply, and national defense--is a continuing concern. These concerns are well-founded for a number of reasons, including the dramatic increases in reported computer security incidents, the ease of obtaining and using hacking too...
Information Security: Subcommittee Post-Hearing Questions Concerning the Additional Actions Needed to Implement Reform Legislation
GAO-02-649R: Published: Apr 16, 2002. Publicly Released: Apr 16, 2002.
This report reviews efforts by the Office of Management and Budget (OMB), 24 of the largest federal agencies, and the agencies' inspectors general to implement requirements set forth as part of the National Defense Authorization Act for Fiscal Year 2001. GAO discusses (1) OMB's assessment of the top six security weaknesses within federal agencies, (2) information security weaknesses in federal inf...
Information Security: Weaknesses Place Commerce Data and Operations at Serious Risk
GAO-01-1004T: Published: Aug 3, 2001. Publicly Released: Aug 3, 2001.
This testimony discusses information security controls over computer systems at the Department of Commerce. Dramatic increases in computer interconnectivity, especially in the use of the Internet, are revolutionizing the way the government, the nation, and much of the world communicate and conduct business. However, this widespread interconnectivity also poses significant risks to the nation's com...
Information Security: Advances and Remaining Challenges to Adoption of Public Key Infrastructure Technology
GAO-01-277: Published: Feb 26, 2001. Publicly Released: Feb 26, 2001.
The federal government must overcome several major challenges before public key infrastructure (PKI) technology can be widely and effectively used. These challenges include providing interoperability among agency PKIs, ensuring that PKI implementations can support a potential large scale of users, reducing the cost of building PKI systems, setting policies to maintain trust levels among agencies,...
Information Security: Vulnerabilities in DOE's Systems for Unclassified Civilian Research
AIMD-00-140: Published: Jun 9, 2000. Publicly Released: Jun 30, 2000.
Pursuant to a congressional request, GAO reviewed the security of the Department of Energy's (DOE) unclassified information systems that support its civilian research programs, focusing on: (1) whether DOE's unclassified systems for civilian research are vulnerable to unauthorized access; (2) whether DOE is effectively managing information systems security; and (3) what DOE is doing to address the...
Information Security Risk Assessment: Practices of Leading Organizations
AIMD-00-33: Published: Nov 1, 1999. Publicly Released: Nov 1, 1999.
This document is a supplement to GAO's May 1998 executive guide on information security management. It is intended to help federal managers implement an ongoing information security risk assessment process by providing examples, or case studies, of practical risk assessment procedures that have been successfully adopted by four organizations known for their efforts to implement good risk assessmen...