[The IT mission team changed its name to Information Technology and Cybersecurity (ITC) in early 2019 to reflect its expanded body of work. Please see our updated blog post to learn more about the ITC team.] GAO’s workforce is organized largely by subject area, with most employees working in 1 of 14 mission teams. Today we’ll be putting the spotlight on the Information Technology (IT) team, which helps the government respond to the challenges of managing the more than $80 billion spent on federal IT every year. These challenges include the effective collection, use, and dissemination of information, as well as securing information and cyber assets. Reports IT team reports cover five issue areas:
- Information Management: Recent work in this area includes reports related to the management of federal records, geospatial data, and Freedom of Information Act requests.
- Strategic IT Management: Recent reports in this area address electronic health records development, as well as government-wide IT reform initiatives, such as IT Dashboard, TechStat sessions, and PortfolioStat.
- System Acquisition, Development, and Integration: In this area, recent work includes reports on major IT acquisitions, such as business systems modernization efforts, weather satellites, border security enforcement systems, and defense automated information systems.
- Operational System Management: Our work in this area focuses on topics like data center consolidation, telecommunications, and maintaining legacy IT systems.
- Cybersecurity and Privacy: Recent reports in this area include topics like agencies’ implementation of federal information security laws, critical infrastructure protection, and prescription drug data.
Excerpted from GAO-14-34We found that eight selected federal agencies generally developed but inconsistently implemented policies and procedures for responding to data breaches involving PII. As a result, these agencies may not be taking consistent actions to limit the risk to individuals whose PII may have been compromised. Therefore, we recommended that the Office of Management and Budget update its guidance on how federal agencies should respond to data breaches. Specifically, we suggested adding:
- guidance on notifying affected individuals based on their level of risk;
- criteria for determining whether to offer assistance such as credit monitoring; and
- revised reporting requirements with improved time frames.