
Information Security: Persistent Weaknesses Highlight Need for Further Improvement

GAO-07-751T Published: Apr 19, 2007. Publicly Released: Apr 19, 2007.

Highlights

For many years, GAO has reported that weaknesses in information security are a widespread problem with potentially devastating consequences--such as intrusions by malicious users, compromised networks, and the theft of personally identifiable information. In reports to Congress since 1997, GAO has identified information security as a governmentwide high-risk issue. Concerned by reports of significant vulnerabilities in federal computer systems, Congress passed the Federal Information Security Management Act of 2002 (FISMA), which permanently authorized and strengthened the information security program, evaluation, and reporting requirements for federal agencies. FISMA also defines responsibilities for ensuring centralized compilation and analysis of incidents that threaten information security and providing timely technical assistance in handling security incidents. In this testimony, GAO discusses the continued weaknesses in information security controls at 24 major federal agencies, the reporting and analysis of security incidents, and efforts by the Department of Homeland Security (DHS) to develop a cyber threat analysis and warning capability. GAO based its testimony on its previous work in this area as well as agency and congressional reports.

Topics

Access control, Accountability, Computer security, Computer security incidents, Cyber security, Federal agencies, Information security, Information security management, Information systems, Internal controls, Program evaluation, Risk assessment, Risk management, Strategic planning, Policies and procedures, Program implementation