Information Security: USDA Needs to Implement Its Departmentwide Information Security Plan: AIMD-00-217

August 2000
GAO Reports;8/10/2000, p1
Government Document
The Department of Agriculture (USDA) relies on automated systems and networks to deliver billions of dollars in programs to its customers; process and communicate sensitive payroll, financial, and market data; and maintain personal customer information. This report discusses steps that USDA has taken to improve information security and implement its August 1999 departmentwide information security plan. GAO found that USDA has developed recommendations to strengthen departmentwide information security and has hired a new Associate Chief Information Officer for Cyber-Security. Since the plan was issued, however, little progress has been made to implement the plan's other recommendations for strengthening the department's information security. Moreover, GAO found that USDA has not developed and documented a strategy to implement the action plan recommendations with established priorities and the detailed steps, time frames, milestones, and total resources needed to fully carry them out. GAO concludes that until USDA fully implements these important information security improvements, its critical assets will remain vulnerable to cyber attacks and other threats. GAO recommends that USDA develop a detailed strategy to implement the action plan and take steps that would demonstrate that information security is a departmentwide priority.


Related Articles

  • Information Security: Further Efforts Needed to Address Serious Weaknesses to USDA: GAO-04-154. Dacey, Robert F. // GAO Reports;1/30/2004, p1 

    The U.S. Department of Agriculture (USDA) performs critical missions that enhance the quality of life for the American people, relying on automated systems and networks to deliver billions of dollars in programs to its customers; process and communicate sensitive payroll, financial, and market...

  • Office of Privacy, Records, and Disclosure; Privacy Act of 1974, as Amended. Sopko, John F. // Federal Register (National Archives & Records Service, Office of;8/3/2012, Vol. 77 Issue 150, p46551 

    The article announces a notice of proposed Privacy Act Systems of Records from the U.S. Special Inspector General for Afghanistan Reconstruction (SIGAR). The Social Media system will help the agency by providing new ways to link and share information. The Internal Electronic Collaboration Tools...

  • ISO 17799: "BEST PRACTICES" IN INFORMATION SECURITY MANAGEMENT? Qingxiong Ma; Pearson, J. Michael // Communications of the Association for Information Systems;2005, Vol. 15, p577 

    To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on...

  • Incident Response. // Network Dictionary;2007, p342

    A definition of the term "incident response," which refers to an action taken in response to an incident affecting information security, is presented.

  • Information Security Risk Assessment: Practices of Leading Organizations: AIMD-00-33. // GAO Reports;11/1/1999, p1

    Managing the risks stemming from the government's growing reliance on information technology is a continuing challenge. This guide is intended to help federal managers implement an ongoing information security risk assessment. GAO provides examples, or case studies, of practical risk assessment...

  • Authentication -- passwords and beyond. Stoller, Jacob // CMA Management;Feb2009, Vol. 82 Issue 9, p44 

    The article discusses the importance of authentication and monitoring of users for the information security of an organization. It mentions that password protection is intrinsically weak due to the fact that stealing passwords does not take any special equipment or training. It suggests that...

  • Single Sign-On, Multiple Benefits. Emigh, Jacqueline // Government Security;May2005, Vol. 4 Issue 4, p34 

    Discusses the benefits of the information security technology called "single sign-on" (SSO). Management of access to information systems; United States Post Office's implementation of the SSO technology; Complexity of the underlying technology behind SSO; Costs associated with password...

  • Data sharing initiatives are failing on individual privacy, BCS debate told. Richards, Justin // Computer Weekly;4/1/2008, p32 

    The article discusses the relationship between data sharing and privacy. It is stated that a greater understanding of the concepts of privacy, confidentiality and anonymity is required for data sharing within an enterprise. It is further stated that the aim of the information system should be to...

  • Small Victory. Parizo, Eric B. // Information Security;Jan2006, Vol. 9 Issue 1, p25 

    The article presents the results of a study on the improvements in patching vulnerable systems conducted by Gerhard Eschelbeck, chief technical officer at Qualys in 2005. Internal systems were patched in 48 weeks, two weeks better than in 2004. 90% of vulnerability exposure is caused by only 10%...

