Politically Motivated Computer Crime and Hacktivism: Information Security Makes GAO High Risk Report for the 12th Year

Friday, January 23, 2009

Information Security Makes GAO High Risk Report for the 12th Year

The U.S. Government Accountability Office (GAO) has updated its list of governmental projects that are at risk "due to their greater vulnerabilities to fraud, waste, abuse, and mismanagement. GAO also identifies high-risk areas needing broad-based transformation to address major economy, efficiency, or effectiveness challenges."

Information security continues to make the list - for the 12th year. In the section titled: "Protecting the Federal Government’s Information Systems and the Nation’s Critical Infrastructures", the report makes note that the Department of Homeland Security (DHS) has made some progress but still falls short:

"Federal information security has been on GAO’s list of high-risk areas since 1997; in 2003, GAO expanded this high-risk area to include cyber CIP [Critical Infrastructure Protection]. The continued risks to information systems include escalating and emerging threats; the ease of obtaining and using hacking tools; the steady advance in the sophistication of attack technology; and the emergence of new and more destructive attacks."

Specifically, the report refers to numerous detailed past GAO reports and summarizes several areas requiring attention:

"Since 2006, GAO has made numerous recommendations in the following key areas:
bolstering cyber analysis and warning capabilities.
reducing organizational inefficiencies.
completing actions identified during cyber exercises.
developing sector-specific plans that fully address all cyber-related criteria.
improving cyber security of infrastructure control systems.
strengthening DHS’s ability to help recover from Internet disruptions.
"Until these and other key cyber security areas are effectively addressed, the nation’s cyber critical infrastructure is at risk of increasing threats posed by terrorists, nation-states, and others."

HIGH-RISK SERIES: An Update

No comments:

Post a Comment

About Encurve, LLC

Encurve, LLC - Building Intentional Security^TM.

Intentional - Purposeful. Deliberate. Planned.
That's what security should be.

Closing the gap between business leaders and security practitioners is what intentional security is all about.

Encurve, LLC offers a wide range of services:

Security Assessment & Management Services
Employing our real-world experience and proprietary methodologies to help security organizations become for focused and efficient.

Executive Advisory & Support Services
Providing the strategic and business focused analysis required by business leaders to make investment and risk decisions without getting lost in the technology.

Security Business Development
Enabling companies to provide professional or managed security offerings to their customers through the development of core and differentiated capabilities.

Brochures

Encurve's Security Capabilities
Encurve's Protect OnDemand^TM Solutions for Demanding Security Situations
Incident Response Capability Assessments
Due Diligence Services
Security Assessment Training
About Encurve and Intentional Security

Contact Encurve, LLC to start Building Intentional Security^TM.

Building Intentional Security^TM and Protect OnDemand^TM are trademarks of Encurve, LLC in the United States and other countries.