Information Security: Cyber Threats and Vulnerabilities Place Federal Systems at Risk

GAO-09-661T Published: May 05, 2009. Publicly Released: May 05, 2009.

Highlights

Information security is a critical consideration for any organization that depends on information systems and computer networks to carry out its mission or business. It is especially important for government agencies, where maintaining the public's trust is essential. The need for a vigilant approach to information security has been demonstrated by the pervasive and sustained computerbased (cyber) attacks against the United States and others that continue to pose a potentially devastating impact to systems and the operations and critical infrastructures that they support. GAO was asked to describe (1) cyber threats to federal information systems and cyberbased critical infrastructures and (2) control deficiencies that make these systems and infrastructures vulnerable to those threats. To do so, GAO relied on its previous reports and reviewed agency and inspectors general reports on information security.

Full Report

Highlights

Full Report (21 pages)

Accessible Text

GAO Contacts

Gregory C. Wilshusen

Director

Information Technology and Cybersecurity

wilshuseng@gao.gov

Media Inquiries

Sarah Kaczmarek

Managing Director

Office of Public Affairs

media@gao.gov

Public Inquiries

Public Affairs

PublicAffairs@gao.gov

Topics

Information Security

Computer networksComputer securityComputer virusesCritical infrastructureCritical infrastructure protectionCyber securityHomeland securityInformation infrastructureInformation managementInformation securityInformation security managementInformation security regulationsInformation systemsInformation technologyInternal controlsRisk assessmentRisk managementSecurity assessmentsSecurity policiesSecurity regulationsSecurity threatsSoftwareTerrorism