Skip to main content

Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk

GAO-09-661T Published: May 05, 2009. Publicly Released: May 05, 2009.
Jump To:
Skip to Highlights


Information security is a critical consideration for any organization that depends on information systems and computer networks to carry out its mission or business. It is especially important for government agencies, where maintaining the public's trust is essential. The need for a vigilant approach to information security has been demonstrated by the pervasive and sustained computerbased (cyber) attacks against the United States and others that continue to pose a potentially devastating impact to systems and the operations and critical infrastructures that they support. GAO was asked to describe (1) cyber threats to federal information systems and cyberbased critical infrastructures and (2) control deficiencies that make these systems and infrastructures vulnerable to those threats. To do so, GAO relied on its previous reports and reviewed agency and inspectors general reports on information security.

Full Report

Office of Public Affairs


Computer networksComputer securityComputer virusesCritical infrastructureCritical infrastructure protectionCyber securityHomeland securityInformation infrastructureInformation managementInformation securityInformation security managementInformation security regulationsInformation systemsInformation technologyInternal controlsRisk assessmentRisk managementSecurity assessmentsSecurity policiesSecurity regulationsSecurity threatsSoftwareTerrorism