Computer Security: Improvements Needed to Reduce Risk to Critical Federal Operations and Assets
Abstract
Analysis of recent information security audits and evaluations at federal agencies are discussed. As with other large organizations, federal agencies rely extensively on computerized systems and electronic data to support their missions. Accordingly, the security of these systems and data is essential to avoiding disruptions in critical operations, as well as to helping prevent data tampering, fraud, and inappropriate disclosure of sensitive information. This analyses covers information security audits and evaluations that GAO and agency inspectors general (IGs) performed since July 2000 at 24 major federal departments and agencies. In summarizing these results, Pervasive weaknesses that led GAO to initially begin reporting information security as a governmentwide high-risk issue in 1997 is discussed. Serious risks that these weaknesses pose at selected individual agencies and also descriptions of the major common weaknesses that agencies need to address to improve their information security programs are addressed. Also, the importance of establishing a strong agencywide security management program in each agency and developing a comprehensive governmentwide strategy for improvement is presented.
Document Details
- Document Type
- Technical Report
- Publication Date
- Nov 09, 2001
- Accession Number
- ADA396473
Entities
People
- Robert F. Dacey
Organizations
- United States Government Accountability Office