Cyber Attack: Is the Government Safe? : Hearing Before the Committee on Governmental Affairs, United States Senate, One Hundred Sixth Congress, Second Session, March 2, 2000

U.S. Government Printing Office, 2000 - Computers - 121 pages

Popular passages

Page 63 - These plans and procedures were incomplete because operations and supporting resources had not been fully analyzed to determine which were most critical and would need to be restored first. Further, existing plans were not fully tested to identify their weaknesses. As a result, many agencies have inadequate assurance that they can recover operational capability in a timely, orderly manner after a disruptive attack. As another of its performance measures, OMB required agencies to report the number and...
Page 61 - Access Controls: Access controls limit or detect inappropriate access to computer resources (data, equipment, and facilities), thereby protecting these resources against unauthorized modification, loss, and disclosure. Access controls include physical protections — such as gates and guards — as well as logical controls, which are controls built into software that...
Page 71 - Administrator shall coordinate with the Deputy Director for Management of the Office of Management and Budget...
Page 60 - Periodically evaluating the effectiveness of security policies and controls and acting to address any identified weaknesses are fundamental activities that allow an organization to manage its information security risks cost effectively, rather than reacting to individual problems ad hoc only after a violation has been detected or an audit finding has been reported.
Page 65 - Individually, as well as collectively, the annual independent evaluations provide much needed information for improved oversight by OMB and the Congress. Our years of auditing agency security programs have shown that independent tests and evaluations are essential to verifying the effectiveness of computer-based controls.
Page 61 - ... passwords or other identifiers and (2) limit the files and other resources that an authenticated user can access and the actions that he or she can execute. Without adequate access controls, unauthorized individuals, including outside intruders...
Page 60 - Each organization needs a set of management procedures and an organizational framework for identifying and assessing risks, deciding what policies and controls are needed, periodically evaluating the effectiveness of these policies and controls, and acting to address any identified weaknesses. These are the fundamental activities that allow an organization to manage its information security risks...
Page 61 - ... programming as well as malicious efforts to insert unauthorized computer program code. Without adequate controls, incompletely tested or unapproved software can result in erroneous data processing that, depending on the application, could lead to losses or faulty outcomes. In addition, individuals could surreptitiously modify software programs to include processing steps or features that could later be exploited for personal gain or sabotage.
Page 67 - ... maintained on paper or in stand-alone computers, the main concern was data confidentiality, especially as it pertained to classified national security data. Now, virtually all agencies rely on interconnected computers to maintain information and carry out operations that are essential to their missions. While the confidentiality needs of these data vary, all agencies must be concerned about the integrity and the availability of their systems and data. It is important for all agencies to understand...
Page 66 - ... federal government's efforts to meet the Year 2000 computing challenge. Third, the reform provisions take a governmentwide approach to information security by accommodating a wide range of information security needs and applying requirements to all agencies, including those engaged in national security. This is important because the information security needs of civilian agency operations and those of national security operations have converged in recent years. In the past, when sensitive information...
