Information security (31 - 40 of 187 items)
Information Security: Federal Communications Commission Needs to Strengthen Controls over Enhanced Secured Network Project
GAO-13-155: Published: Jan 25, 2013. Publicly Released: Feb 1, 2013.
The Federal Communications Commission (FCC) did not effectively implement appropriate information security controls in the initial components of the Enhanced Secured Network (ESN) project. Although FCC took steps to enhance its ability to control and monitor its network for security threats, weaknesses identified in the commission's deployment of components of the ESN project as of August 2012 res...
Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-12-393: Published: Mar 16, 2012. Publicly Released: Mar 16, 2012.
IRS implemented numerous controls and procedures intended to protect key financial and tax-processing systems; nevertheless, control weaknesses in these systems continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRSs systems. Specifically, the agency continues to face challenges in controlling access to its...
Critical Infrastructure Protection: Cybersecurity Guidance Is Available, but More Can Be Done to Promote Its Use
GAO-12-92: Published: Dec 9, 2011. Publicly Released: Jan 9, 2012.
A wide variety of cybersecurity guidance is available from national and international organizations for entities within the seven critical infrastructure sectors GAO reviewed--banking and finance; communications; energy; health care and public health; information technology; nuclear reactors, material, and waste; and water. Much of this guidance is tailored to business needs of entities or provide...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Information Security: Weaknesses Continue Amid New Federal Efforts to Implement Requirements
GAO-12-137: Published: Oct 3, 2011. Publicly Released: Oct 3, 2011.
For many years, GAO has reported that weaknesses in information security can lead to serious consequences--such as intrusions by malicious individuals, compromised networks, and the theft of sensitive information including personally identifiable information--and has identified information security as a governmentwide high-risk area. The Federal Information Security Management Act of 2002 (FISMA)...
Information Security: Federal Deposit Insurance Corporation Has Made Progress, but Further Actions Are Needed to Protect Financial Data
GAO-11-708: Published: Aug 12, 2011. Publicly Released: Aug 12, 2011.
The Federal Deposit Insurance Corporation (FDIC) has a demanding responsibility enforcing banking laws, regulating financial institutions, and protecting depositors. Because of the importance of FDIC's work, effective information security controls are essential to ensure that the corporation's systems and information are adequately protected from inadvertent misuse, fraudulent use, or improper dis...
Information Security: State Has Taken Steps to Implement a Continuous Monitoring Application, but Key Challenges Remain
GAO-11-149: Published: Jul 8, 2011. Publicly Released: Aug 8, 2011.
The Department of State (State) has implemented a custom application called iPost and a risk scoring program that is intended to provide continuous monitoring capabilities of information security risk to elements of its information technology (IT) infrastructure. Continuous monitoring can facilitate nearer real-time risk management and represents a significant change in the way information securit...
Cybersecurity: Continued Attention Needed to Protect Our Nation's Critical Infrastructure
GAO-11-865T: Published: Jul 26, 2011. Publicly Released: Jul 26, 2011.
Increasing computer interconnectivity, such as the growth of the Internet, has revolutionized the way our government, our nation, and much of the world communicate and conduct business. However, this widespread interconnectivity poses significant risks to the government's and the nation's computer systems, and to the critical infrastructures they support. These critical infrastructures include sys...
Information Security: IRS Needs to Enhance Internal Control over Financial Reporting and Taxpayer Data
GAO-11-308: Published: Mar 15, 2011. Publicly Released: Mar 15, 2011.
The Internal Revenue Service (IRS) has a demanding responsibility in collecting taxes, processing tax returns, and enforcing the nation's tax laws. It relies extensively on computerized systems to support its financial and mission-related operations and on information security controls to protect financial and sensitive taxpayer information that resides on those systems. As part of its audit of IR...
Information Security: National Nuclear Security Administration Needs to Improve Contingency Planning for Its Classified Supercomputing Operations
GAO-11-67: Published: Dec 9, 2010. Publicly Released: Dec 9, 2010.
In the absence of underground nuclear weapons testing, the National Nuclear Security Administration (NNSA) relies on its supercomputing operations at its three weapons laboratories to simulate the effects of changes to current weapons systems, calculate the confidence of future untested systems, and ensure military requirements are met. GAO was requested to assess the extent to which (1) NNSA has...