Improvements Needed to Reduce Risk to Critical Federal Operations and Assets
GAO-02-231T: Published: Nov 9, 2001. Publicly Released: Nov 9, 2001.
Federal agencies rely extensively on computer systems and electronic data to support their missions. The security of these systems is essential to avoiding disruptions in critical operations and to prevent data tampering, fraud, and inappropriate disclosure of sensitive information. GAO analyzed information security audits and evaluations at 24 major federal departments and agencies since July 2000. This testimony summarizes (1) the pervasive weaknesses that led GAO to begin reporting information security as a government-wide high-risk issue in 1997, (2) the serious risks that these weaknesses pose at selected agencies and common weaknesses that agencies need to address to improve their information security programs, and (3) the importance of establishing strong agency-wide security management programs and developing a comprehensive government-wide strategy for improvement.