INFORMATION SECURITY: Federal Agencies Need to Better Protect Sensitive Data
Abstract
Effective information security for federal computer systems and databases is essential to preventing the loss of resources; the unauthorized or inappropriate use, disclosure, or alteration of sensitive information; and the disruption of government operations. Since 1997, GAO has designated federal information security as a government-wide high-risk area, and in 2003 expanded this area to include computerized systems supporting the nations critical infrastructure. Earlier this year, in GAOs high-risk update, the area was further expanded to include protecting the privacy of personal information that is collected, maintained, and shared by both federal and nonfederal entities. This statement summarizes threats and information security weaknesses in federal systems. In preparing this statement, GAO relied on its previously published work in this area. Over the past 6 years, GAO has made about 2,000 recommendations to improve information security programs and associated security controls. Agencies have implemented about 58 percent of these recommendations. Further, agency inspectors general have made a multitude of recommendations to assist their agencies.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 17, 2015
- Accession Number
- AD1167811
Entities
People
- Christopher Businsky
- Gregory C. Wilshusen
- Joel C. Willemssen
- Larry Crosland
- Nancy Glover
- Rosanna Guerrero
Organizations
- United States Government Accountability Office