DSBlog


U.S. government agencies have experienced a 650-percent increase in security incidents over the past five years due in large part to weaknesses in information-security policies and practices, according to a report released this week by the Government Accountability Office (GAO).

The Federal Information Security Management Act of 2002 (FISMA) requires the Office of Management and Budget (OMB) to develop and oversee the implementation of policies, standards and guidelines on information security at executive branch agencies. In a survey of 24 of these agencies during fiscal year 2010, however, the GAO found that while some progress has been made, “much work remains.”

Perhaps most disturbingly, it said that:

    “most major federal agencies had weaknesses in each of the five major categories of information system controls: (1) access controls, which ensure that only authorized individuals can read, alter, or delete data; (2) configuration management controls, which provide assurance that only authorized software programs are implemented; (3) segregation of duties, which reduces the risk that one individual can independently perform inappropriate actions without detection; (4) continuity of operations planning, which helps avoid significant disruptions in computer-dependent operations; and (5) agency-wide information security programs, which provide a framework for ensuring that risks are understood and that effective controls are selected and implemented.”

It reported that all 24 agencies “had vulnerabilities in access control, configuration management, and security management” and that “[d]eficiencies in segregation of duties and contingency planning, while not reported for all of these agencies, were prevalent.”

Click here to view or download the report.

October 8 Update: After we published this post yesterday, President Obama issued an Executive Order aimed at closing security gaps in classified computer networks and safeguarding classified national security information shared across such networks. The Executive Order is here.

––––––––––––––––

Digital Sandbox is the leader in public safety risk management, providing analytic tools and information products to government agencies and large enterprises for optimizing risk-based strategic, policy and budgetary decisions.

 
