Justice and Law Enforcement:

Computer Security Weaknesses at the Department of Justice

T-IMTEC-91-15: Published: Jun 27, 1991. Publicly Released: Jun 27, 1991.

Contact:

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

GAO discussed computer security weaknesses in the Department of Justice's (DOJ) computer systems that store highly sensitive law enforcement information. GAO noted that DOJ: (1) security weaknesses have life-and-death implications for such individuals as witnesses, informants, and law enforcement officials whose identities could be disclosed because of inadequate controls; (2) did not develop security plans or conduct risk analyses for its computer systems; (3) did not ensure adequate protection for its highly sensitive computer systems, did not exercise adequate system oversight, lacked contingency plans to combat service interruptions, and did not mandate computer security training for employees using the systems; (4) did not properly control access to its main data center, did not position guards to visually survey activities at the center, and lacked recording mechanisms to store and retrieve information about data center activities; and (5) disposed of surplus computer equipment which was later found to contain highly sensitive data. GAO also noted that DOJ acknowledged its need to improve computer security and identified such efforts as: (1) a more proactive leadership role; (2) a major security upgrade of the data center; (3) increased security awareness training; and (4) more aggressive oversight of contingency plan preparation and use.

Jul 9, 2014

May 14, 2014

Apr 30, 2014

Mar 26, 2014

Jan 13, 2014

Dec 9, 2013

Dec 6, 2013

Nov 20, 2013

Oct 29, 2013

Sep 25, 2013

Looking for more? Browse all our products here