Internal controls (81 - 90 of 245 items)
Information Security: FDIC Sustains Progress but Needs to Improve Configuration Management of Key Financial Systems
GAO-08-564: Published: May 30, 2008. Publicly Released: May 30, 2008.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Effective information security controls are essential to ensure that FDIC systems and information are adequately protected from inadvertent misuse, fraudulent, or improper disclosure. As part of its audit of FDIC's 2007 financial stat...
Bureau of the Public Debt: Areas for Improvement in Information Security Controls
GAO-08-625R: Published: May 27, 2008. Publicly Released: May 27, 2008.
In connection with fulfilling our requirement to audit the financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2007 and 2006. As part of these audits, we performed a review of the general and application information security controls over key BPD financial syste...
Information Security: TVA Needs to Address Weaknesses in Control Systems and Networks
GAO-08-526: Published: May 21, 2008. Publicly Released: May 21, 2008.
Securing the control systems that regulate the nation's critical infrastructures is vital to ensuring our economic security and public health and safety. The Tennessee Valley Authority (TVA), a federal corporation and the nation's largest public power company, generates and distributes power in an area of about 80,000 square miles in the southeastern United States. GAO was asked to determine wheth...
Information Security: TVA Needs to Enhance Security of Critical Infrastructure Control Systems and Networks
GAO-08-775T: Published: May 21, 2008. Publicly Released: May 21, 2008.
The control systems that regulate the nation's critical infrastructures face risks of cyber threats, system vulnerabilities, and potential attacks. Securing these systems is therefore vital to ensuring national security, economic well-being, and public health and safety. While most critical infrastructures are privately owned, the Tennessee Valley Authority (TVA), a federal corporation and the nat...
National Transportation Safety Board: Progress Made in Management Practices, Investigation Priorities, Training Center Use, and Information Security, But These Areas Continue to Need Improvement
GAO-08-652T: Published: Apr 23, 2008. Publicly Released: Apr 23, 2008.
The National Transportation Safety Board (NTSB) plays a vital role in advancing transportation safety by investigating accidents, determining their causes, issuing safety recommendations, and conducting safety studies. To support its mission, NTSB's training center provides training to NTSB investigators and others. It is important that NTSB use its resources efficiently to carry out its mission....
Information Security: Progress Reported, but Weaknesses at Federal Agencies Persist
GAO-08-571T: Published: Mar 12, 2008. Publicly Released: Mar 12, 2008.
Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of our biennial reports to Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed the F...
Information Security: Securities and Exchange Commission Needs to Continue to Improve Its Program
GAO-08-280: Published: Feb 29, 2008. Publicly Released: Feb 29, 2008.
In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the Securities and Exchange Commission (SEC) relies extensively on computerized systems. Integrating effective information security controls into a layered control strategy is essential to ensure that SEC's financial and sensitive information are protected from inadvertent or deliberate mis...
Information Security: Although Progress Reported, Federal Agencies Need to Resolve Significant Deficiencies
GAO-08-496T: Published: Feb 14, 2008. Publicly Released: Feb 14, 2008.
Information security is especially important for federal agencies, where the public's trust is essential and poor information security can have devastating consequences. Since 1997, GAO has identified information security as a governmentwide high-risk issue in each of its biennial reports to the Congress. Concerned by reports of significant weaknesses in federal computer systems, Congress passed t...
Information Security: IRS Needs to Address Pervasive Weaknesses
GAO-08-211: Published: Jan 8, 2008. Publicly Released: Jan 8, 2008.
The Internal Revenue Service (IRS) relies extensively on computerized systems to carry out its demanding responsibilities to collect taxes (about $2.7 trillion in fiscal year 2007), process tax returns, and enforce the nation's tax laws. Effective information security controls are essential to ensuring that financial and taxpayer information is adequately protected from inadvertent or deliberate m...
Information Security: Selected Departments Need to Address Challenges in Implementing Statutory Requirements
GAO-07-528: Published: Aug 31, 2007. Publicly Released: Oct 1, 2007.
The Federal Information Security Management Act of 2002 (FISMA) strengthened security requirements by, among other things, requiring federal agencies to establish programs to provide cost-effective security for information and information systems. In overseeing FISMA implementation, the Office of Management and Budget (OMB) has established supporting processes and reporting requirements. However,...