INFORMATION SECURITY: Department of Education and Other Federal Agencies Need to Better Implement Controls
Abstract
The federal government faces an evolving array of cyber-based threats to its systems and data, and data breaches at federal agencies have compromised sensitive personal information, affecting millions of people. Education, in carrying out its mission of serving Americas students, relies extensively on IT systems that collect and process a large amount of sensitive information. Accordingly, it is important for federal agencies such as Education to implement information security programs that can help protect systems and networks. GAO has identified federal information security as a government-wide high-risk area since 1997, and in February 2015 expanded this to include protecting the privacy of personally identifiable information. This statement provides information on cyber threats facing federal systems and information security weaknesses identified at federal agencies, including Education. In preparing this statement, GAO relied on previously published work and updated data on security incidents and federal cybersecurity efforts. Over the past 6 years, GAO has made about 2,000 recommendations to federal agencies to correct weaknesses and fully implement agency-wide information security programs. Agencies have implemented about 58 percent of these recommendations. Agency inspectors general have also made a multitude of recommendations to assist their agencies.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 17, 2015
- Accession Number
- AD1167828
Entities
People
- Christopher Businsky
- Fatima Jahan
- Gregory C. Wilshusen
- Larry Crosland
- Lee Mccracken
- Rosanna Guerrero
Organizations
- United States Government Accountability Office