Internal controls (121 - 130 of 245 items)
Financial Market Organizations Have Taken Steps to Protect against Electronic Attacks, but Could Take Additional Actions
GAO-05-679R: Published: Jun 29, 2005. Publicly Released: Jul 29, 2005.
The September 11, 2001, terrorist attacks on the World Trade Center exposed the vulnerability of the financial markets to disruption by such events. As part of a series of reviews we have performed at the request of Members of Congress, we have examined and reported on the adequacy of the steps that financial market participants have taken to reduce their vulnerability to attacks and to be better...
Information Security: Weaknesses Persist at Federal Agencies Despite Progress Made in Implementing Related Statutory Requirements
GAO-05-552: Published: Jul 15, 2005. Publicly Released: Jul 15, 2005.
Federal agencies rely extensively on computerized information systems and electronic data to carry out their missions. The security of these systems and data is essential to prevent data tampering, disruptions in critical operations, fraud, and inappropriate disclosure of sensitive information. Concerned with accounts of attacks on systems via the Internet and reports of significant weaknesses in...
Information Security: Department of Homeland Security Needs to Fully Implement Its Security Program
GAO-05-700: Published: Jun 17, 2005. Publicly Released: Jul 8, 2005.
The Homeland Security Act of 2002 mandated the merging of 22 federal agencies and organizations to create the Department of Homeland Security (DHS), whose mission, in part, is to protect our homeland from threats and attacks. DHS relies on a variety of computerized information systems to support its operations. GAO was asked to review DHS's information security program. In response, GAO determined...
Information Security: Emerging Cybersecurity Issues Threaten Federal Information Systems
GAO-05-231: Published: May 13, 2005. Publicly Released: Jun 13, 2005.
Federal agencies are facing a set of emerging cybersecurity threats that are the result of increasingly sophisticated methods of attack and the blending of once distinct types of attack into more complex and damaging forms. Examples of these threats include spam (unsolicited commercial e-mail), phishing (fraudulent messages to obtain personal or sensitive data), and spyware (software that monitors...
Information Security: Federal Deposit Insurance Corporation Needs to Sustain Progress
GAO-05-486: Published: May 19, 2005. Publicly Released: May 19, 2005.
The Federal Deposit Insurance Corporation (FDIC) relies extensively on computerized systems to support its financial and mission-related operations. As part of GAO's audit of the calendar year 2004 financial statements for the three funds administered by FDIC, GAO assessed (1) the progress FDIC has made in correcting or mitigating information system control weaknesses identified in our audits for...
Information Security: Federal Agencies Need to Improve Controls over Wireless Networks
GAO-05-383: Published: May 17, 2005. Publicly Released: May 17, 2005.
The use of wireless networks is becoming increasingly popular. Wireless networks extend the range of traditional wired networks by using radio waves to transmit data to wireless-enabled devices such as laptops. They can offer federal agencies many potential benefits but they are difficult to secure. GAO was asked to study the security of wireless networks operating within federal facilities. This...
Bureau of the Public Debt: Areas for Improvement in Information Security Controls
GAO-05-467R: Published: Apr 18, 2005. Publicly Released: Apr 18, 2005.
In connection with fulfilling our requirement to audit the financial statements of the U.S. government, we audited and reported on the Schedules of Federal Debt Managed by the Bureau of the Public Debt (BPD) for the fiscal years ended September 30, 2004 and 2003. As part of these audits, we performed a review of the general and application information security controls over key BPD financial syste...
Information Security: Internal Revenue Service Needs to Remedy Serious Weaknesses over Taxpayer and Bank Secrecy Act Data
GAO-05-482: Published: Apr 15, 2005. Publicly Released: Apr 15, 2005.
The Internal Revenue Service (IRS) relies extensively on computerized systems to support its financial and mission-related operations. In addition, IRS provides computer processing support to the Financial Crimes Enforcement Network (FinCEN)--another Treasury bureau. As part of IRS's fiscal year 2004 financial statements, GAO assessed (1) the status of IRS's actions to correct or mitigate previous...
Information Security: Securities and Exchange Commission Needs to Address Weak Controls over Financial and Sensitive Data
GAO-05-262: Published: Mar 23, 2005. Publicly Released: Mar 23, 2005.
The Securities and Exchange Commission (SEC) relies extensively on computerized systems to support its financial and mission-related operations. As part of the audit of SEC's fiscal year 2004 financial statements, GAO assessed the effectiveness of the commission's information system controls in protecting the integrity, confidentiality, and availability of its financial and sensitive information.S...
Information Security: Agencies Need to Implement Consistent Processes In Authorizing Systems for Operation
GAO-04-376: Published: Jun 28, 2004. Publicly Released: Jul 28, 2004.
The Office of Management and Budget (OMB) requires agencies to certify the security controls of their information systems and to formally authorize and accept the risk associated with their operation (a process known as accreditation). These processes support requirements of the Federal Information Security Management Act of 2002 (FISMA). Further, OMB requires agencies to report the number of syst...