Risk assessment (1 - 10 of 33 items)
Electronic Health Information: HHS Needs to Strengthen Security and Privacy Guidance and Oversight
GAO-16-771: Published: Aug 26, 2016. Publicly Released: Sep 26, 2016.
The use of electronic health information can allow providers to more efficiently share information and give patients easier access to their health information, among other benefits. Nonetheless, systems storing and transmitting health information in electronic form are vulnerable to cyber-based threats. The resulting breaches—involving over 113 million records in 2015—can have serious adverse...
Critical Infrastructure Protection: Sector-Specific Agencies Need to Better Measure Cybersecurity Progress
GAO-16-79: Published: Nov 19, 2015. Publicly Released: Nov 19, 2015.
Sector-specific agencies (SSA) determined the significance of cyber risk to networks and industrial control systems for all 15 of the sectors in the scope of GAO's review. Specifically, they determined that cyber risk was significant for 11 of 15 sectors. Although the SSAs for the remaining four sectors had not determined cyber risks to be significant during their 2010 sector-specific planning pro...
Maritime Critical Infrastructure Protection: DHS Needs to Enhance Efforts to Address Port Cybersecurity
GAO-16-116T: Published: Oct 8, 2015. Publicly Released: Oct 8, 2015.
Similar to other critical infrastructures, the nation's ports face an evolving array of cyber-based threats. These can come from insiders, criminals, terrorists, or other hostile sources and may employ a variety of techniques or exploits, such as denial-of-service attacks and malicious software. By exploiting vulnerabilities in information and communications technologies supporting port operations...
Maritime Critical Infrastructure Protection: DHS Needs to Better Address Port Cybersecurity
GAO-14-459: Published: Jun 5, 2014. Publicly Released: Jun 5, 2014.
Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited.While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific po...
Information Security: Agency Responses to Breaches of Personally Identifiable Information Need to Be More Consistent
GAO-14-34: Published: Dec 9, 2013. Publicly Released: Jan 8, 2014.
The eight federal agencies GAO reviewed generally developed, but inconsistently implemented, policies and procedures for responding to a data breach involving personally identifiable information (PII) that addressed key practices specified by the Office of Management and Budget (OMB) and the National Institute of Standards and Technology. The agencies reviewed generally addressed key management an...
Cybersecurity: National Strategy, Roles, and Responsibilities Need to Be Better Defined and More Effectively Implemented
GAO-13-187: Published: Feb 14, 2013. Publicly Released: Feb 14, 2013.
Threats to systems supporting critical infrastructure and federal operations are evolving and growing. Federal agencies have reported increasing numbers of cybersecurity incidents that have placed sensitive information at risk, with potentially serious impacts on federal and military operations; critical infrastructure; and the confidentiality, integrity, and availability of sensitive government,...
Information Security: Additional Guidance Needed to Address Cloud Computing Concerns
GAO-12-130T: Published: Oct 6, 2011. Publicly Released: Oct 6, 2011.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the security implications of cloud computing. This t...
Information Security: Governmentwide Guidance Needed to Assist Agencies in Implementing Cloud Computing
GAO-10-855T: Published: Jul 1, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, reportedly has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to testify on the benefits and risks of moving federal...
Information Security: Federal Guidance Needed to Address Control Issues with Implementing Cloud Computing
GAO-10-513: Published: May 27, 2010. Publicly Released: Jul 1, 2010.
Cloud computing, an emerging form of computing where users have access to scalable, on-demand capabilities that are provided through Internet-based technologies, has the potential to provide information technology services more quickly and at a lower cost, but also to introduce information security risks. Accordingly, GAO was asked to (1) identify the models of cloud computing, (2) identify the in...
Information Security: Concerted Effort Needed to Improve Federal Performance Measures
GAO-09-617: Published: Sep 14, 2009. Publicly Released: Oct 29, 2009.
Information security is a critical consideration for federal agencies, which depend on information systems to carry out their missions. Increases in reports of security incidents demonstrate the urgency of adequately protecting the federal government's data and information systems. Agencies are required to report to the Office of Management and Budget (OMB) on their information security programs,...