Automated Systems Security--Federal Agencies Should Strengthen Safeguards Over Personal and Other Sensitive Data: Report to the Congress
General Accounting Office, 1979 - Administrative agencies - 74 pages
GAO surveyed selected agencies in 1977 because of the generally high level of congressional interest in federal information policies following the enactment of the Privacy Act and the Freedom of Information Act Amendments in 1974. Subsequently, GAO was specifically requested to examine and report on the status and effectiveness of major computer security programs. At a time when increasing reliance is placed on computers and rapidly advancing ADP technology, security procedures for systems processing personal and other sensitive data generally were inadequate. The agencies: (1) lacked comprehensive computer security programs and technical, administrative, and physical safeguards; (2) did not place the computer security functions at a sufficiently high level, with independence from operating functions, to preclude preemption by operational priorities; (3) did not understand and employ risk management techniques for economic selection of safeguards; (4) did not take advantage of the technical guidance provided by the National Bureau of Standards; and (5) did not effectively use their internal audit resources.