Group items tagged

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

Government Information Security Podcasts As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info Probing Federal IT Security Programs: Gregory Wilshusen, GAO February 23, 2009 Government Accountability Office auditors will have a busy spring, examining a number of federal government programs aimed at securing government information systems and data. In an interview with GovInfoSecurity.com, Gregory Wilshusen discusses how the GAO is looking at how private industry and two dozen federal agencies employ metrics to measure the effectiveness of information security control activities. Other current GAO information security investigations he discusses include: Federal Desktop Core Configuration intended to standardize security features on personal computers purchased by the government. Trusted Internet Connection initiative aimed at slashing government Internet connections to fewer than 100 from more than 2,000. Einstein automated networking monitoring program run by U.S Computer Emergency Readiness Team. Gregory Wilshusen is director of information security issues at GAO, where he leads information security-related studies and audits of the federal government. He has more than 26 years of auditing, financial management and information systems experience. Before joining GAO in 1997, Wilshusen served as a senior systems analyst at the Department of Education as well as the controller for the North Carolina Department of Environment, Health and Natural Resources.

Weak security policies and practices in nearly all 24 major federal agencies in 2008 have resulted in exposing personally identifiable information of Americans, according to a new report from the Government Accountability Office (GAO). "An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs," according to the GAO report, issued Monday. "As a result, agencies have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise." Federal agencies have reported some progress, providing awareness training for employees and testing system contingency plans, the GAO said. Still, employees with significant security responsibilities are not getting enough security training and known vulnerabilities remain wide open. The GAO conducts a periodic review of information security policies and procedures at federal agencies. Inspectors general review agency conformity to the Federal Information Security Management Act of 2002 (FISMA) and report their findings to Congress.

Twenty-three of the 24 major U.S. government agencies contain weaknesses in their information security programs, potentially placing sensitive data at risk to exposure, according to a government report issued this week. The U.S. Government Accountability Office (GAO) studied how the agencies were responding to the regulations described in the Federal Information Security Management Act of 2002 (FISMA). The mandate requires government entities to develop and implement an agencywide information security program. Inspectors general conduct annual reviews of agency progress. The GAO review, which took place between last December and this month, concluded that, partly based on inspectors general and federal Office of Management and Budget (OMB) reports, that 23 of 24 agencies contain lax controls to ensure that only approved users can access system data. Meanwhile, 22 of 24 agencies described information security as a "major management challenge," according to the report.

The Government Accountability Office issued another scathing report saying that federal agencies still don't do enough to secure government IT assets. "Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of most federal agencies," Gregory Wilshusen, GAO director of information security issues, wrote in a 66-page report issued Friday. "Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss, or improper disclosure of personally identifiable information of Americans, thereby exposing them to loss of privacy and identity theft." In a written response accompanying the report, federal CIO Vivek Kundra said OMB is committed to the vision of a secure federal government, and are taking steps to make that vision a reality. OMB, he said, has initiated a review of the language in the current reporting instructions to identify and clarify confusion in the annual reporting. OMB also is working with the CIO Council and the Council of Inspectors General on Integrity and Efficiency to improve guidance to agencies. The GAO report also said that nearly all of the 24 major federal agencies last year had weaknesses in information security controls. "An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs," Wilshusen said. "As a result, agencies have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise."

1. You get what you pay for. 2. Americans do not take information or security as seriously as they do their love for profit & cost savings. If one does not value what they are trying to protect accurately, the investment one is prepared to make will always be insufficient. Then there are hindsight and rationalization (a.k.a. politicians) - Karl The Government Accountability Office issued another scathing report saying that federal agencies still don't do enough to secure government IT assets. "Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of most federal agencies," Gregory Wilshusen, GAO director of information security issues, wrote in a 66-page report issued Friday. "Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss, or improper disclosure of personally identifiable information of Americans, thereby exposing them to loss of privacy and identity theft." In a written response accompanying the report, federal CIO Vivek Kundra said OMB is committed to the vision of a secure federal government, and are taking steps to make that vision a reality. OMB, he said, has initiated a review of the language in the current reporting instructions to identify and clarify confusion in the annual reporting. OMB also is working with the CIO Council and the Council of Inspectors General on Integrity and Efficiency to improve guidance to agencies. The GAO report also said that nearly all of the 24 major federal agencies last year had weaknesses in information security controls. "An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs," Wilshusen said. "As a result, agencies have limited assurance that controls are in place and operating as intended to protect their inf

This week, the Government Accountability Office issued a report related to privacy and security issues at FDA and another report about the agency's plans to modernize its IT systems, Government Health IT reports. Privacy and Security Report On Monday, GAO released a report suggesting that FDA has not included sufficient privacy and security protections in its plans for a medical product safety monitoring system called the Sentinel Initiative. The system would use data from insurance companies, academic institutions, government agencies and health care providers to track the performance of medications and medical devices. According to the FDA Amendments Act of 2007, the initiative would have access to data from 25 million people by mid-2010 and 100 million people by mid-2012 (Foxhall, Government Health IT, 6/2). For the report, GAO conducted an audit of FDA's planning process for Sentinel from May 2008 to May 2009.

"The number of fraudulent IRS websites taken down in 2008 soared to 3,030, up more than 240 percent from 2007, according to a GAO analysis of Internal Revenue Service data, suggesting a sharp increase by criminals to draw unassuming taxpayers to faux tax agency websites to steal identities and money. In a Government Accountability Office audit, made public Thursday, the GAO credited the IRS for implementing programs to prevent, detect and resolve identity theft, but said the tax agency needs to do a better job in assessing the effectiveness of its initiatives. And, as it relates to potential online abuse, the IRS should be more consistent in enforcing security controls. "

(PDF) Information security is a critical consideration for any organization that depends on information systems and computer networks to carry out its mission or business. It is especially important for government agencies, where the public's trust is essential. The dramatic expansion in computer interconnectivity and the rapid increase in the use of the Internet are changing the way our government, the nation, and much of the world communicate and conduct business. Without proper safeguards, they also pose enormous risks that make it easier for individuals and groups with malicious intent to intrude into inadequately protected systems and use such access to obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks.

It's unclear whether a report being prepared for President Barack Obama on federal information security preparedness will support recent calls for the creation of a new cybersecurity office within the White House, two lawmakers said last week. Instead, the report may recommend a more collaborative and cooperative strategy among federal agencies on the issue of cybersecurity without a single agency or department in charge, they said. Members of the U.S. House Cybersecurity Caucus met with Melissa Hathaway, acting senior director for cyberspace for the National Security Council and Homeland Security Council. Hathaway, who is conducting a 60-day review of federal cybersecurity preparedness on behalf of the president, Thursday presented a status report to members of the caucus. Speaking with reporters after the briefing, Rep. James Langevin (D-R.I.), co-chair of the caucus, and Rep. Yvette Clarke (D-N.Y.), chairwoman of a subcommittee within the Committee on Homeland Security, said it was unclear yet what Hathaway might recommend. Rather than "include another structure" within the White House, there may be a call for an increase in staffing within the White House Office of Management and Budget (OMB) in a bid to improve its current role of overseeing government cyberaffairs, said Langevin. Chances are "there will not be one king," he said. Langevin co-chaired a commission at the Center for Strategic and International Studies, a bipartisan think tank, that has called for the creation of a centralized cybersecurity office in the White House to be named the National Office for Cyberspace. The new office could combine the National Cyber Security Center (NCSC) and the Joint Interagency Cyber Task Force, two existing agencies that are handing cybersecurity today. The U.S. Government Accountability Office (GAO) has also called for a new office dedicated to cybersecurity within the White House. Calls have been prompted by what is perceived as the inability of the U.S. De