Computer Security: DEA is Not Adequately Protecting Sensitive Drug Enforcement Data : Report to the Chairman, Government Information, Justice, and Agriculture Subcommittee, Committee on Government Operations, House of Representatives

Front Cover
 

What people are saying - Write a review

We haven't found any reviews in the usual places.

Selected pages

Other editions - View all

Common terms and phrases

Popular passages

Page 10 - Code (the Privacy Act), but which has not been specifically authorized under criteria established by an Executive order or an Act of Congress to be kept secret in the interest of national defense or foreign policy; and (5) the term "Federal agency...
Page 14 - Administrator is authorized and directed to coordinate and provide for the economic and efficient purchase, lease, and maintenance of automatic data processing equipment by Federal agencies. (2XA) For purposes of this section, the term "automatic data processing equipment" means any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching,1 interchange, transmission, or reception,...
Page 15 - OMB Bulletin No. 90-08: Guidance for Preparation of Security Plans for Federal Computer Systems That Contain Sensitive Information.
Page 6 - Departmental computer security programs, and (2) report the computer security deficiencies as a material internal control weakness under the Federal Managers
Page 10 - As you know, the Computer Security Act of 1987 requires federal agencies to develop security plans for computer systems that they designate as containing sensitive information, and to establish mandatory computer security training to make employees aware of their specific responsibilities and how to fulfill them. The Federal Information Resources Management Regulation (41 CFR...
Page 18 - Analyses should be completed by the third quarter of FY 93. 7. In July 1989, Justice auditors recommended that DEA take immediate action to develop and implement contingency plans to ensure continued processing of the agency's mission critical systems in case of a disaster, loss of power, etc. As of August 1992, GAO found that DEA was still operating its computer systems and data communications without clearly established emergency responses, backup, and recovery procedures in place. When will all...
Page 3 - DEA'S computer systems and the sensitive data they contain. This disturbing situation exists because DEA has failed to implement an effective agencywide computer security program...
Page 29 - Finally, because of poor record-keeping, DEA was unable to accurately account for all microcomputer fixed disks that have been sent from DEA offices for repair, returned to service contractors, or destroyed.
Page 33 - DEA should also ensure that thorough risk analyses are conducted for all sensitive computer systems and any identified weaknesses are corrected, contingency plans are tested and implemented, and all employees are made aware of federal and agency computer security requirements and how to fulfill them.
Page 33 - To adequately protect its sensitive computer systems and facilities, DEA should also ensure that thorough risk analyses are conducted for all sensitive computer systems and...

Bibliographic information