Electronic Information
Essay by review • December 23, 2010 • Research Paper • 1,095 Words (5 Pages) • 1,060 Views
Electronic information is essential to the achievement of government organizational
objectives. Its reliability, integrity, and availability are significant concerns in most
audits. The use of computer networks, particularly the Internet, is revolutionizing the
way government conducts business. While the benefits have been enormous and vast
amounts of information are now literally at our fingertips, these interconnections also
pose significant risks to computer systems, information, and to the critical operations
and infrastructures they support. Infrastructure elements such as telecommunications,
power distribution, national defense, law enforcement, and government and emergency
services are subject to these risks. The same factors that benefit operations--speed and
accessibility--if not properly controlled, can leave them vulnerable to fraud, sabotage,
and malicious or mischievous acts. In addition, natural disasters and inadvertent errors
by authorized computer users can have devastating consequences if information
resources are poorly protected. Recent publicized disruptions caused by virus, worm,
and denial of service attacks on both commercial and governmental Web sites illustrate
the potential for damage.
Computer security is of increasing importance to all levels of government in minimizing
the risk of malicious attacks from individuals and groups. These risks include the
fraudulent loss or misuse of government resources, unauthorized access to or release of
sensitive information such as tax and medical records, disruption of critical operations
through viruses or hacker attacks, and modification or destruction of data. The risk that
information attacks will threaten vital national interests increases with the following
developments in information technology:
* Monies are increasingly transferred electronically between and among
governmental agencies, commercial enterprises, and individuals.
* Governments are rapidly expanding their use of electronic commerce.
* National defense and intelligence communities increasingly rely on commercially
available information technology.
* Public utilities and telecommunications increasingly rely on computer systems to
manage everyday operations.
* More and more sensitive economic and commercial information is exchanged
electronically.
* Computer systems are rapidly increasing in complexity and interconnectivity.
* Easy-to-use hacker tools are readily available, and hacker activity is increasing.
* Paper supporting documents are being reduced or eliminated.
Each of these factors significantly increases the need for ensuring the privacy, security,
and availability of state and local government systems.
Although as many as 80 percent of security breaches are probably never reported, the
number of reported incidents is growing dramatically. For example, the number of
incidents handled by Carnegie-Mellon University's CERT Coordination Center[1] has
multiplied over 86 times since 1990,[2] rising from 252 in 1990 to 21,756 in 2000. Further,
the Center has handled over 34,000 incidents during the first three quarters of 2001.
Similarly, the Federal Bureau of Investigation (FBI) reports that its case load of
computer intrusion-related cases is more than doubling every year. The fifth annual
survey conducted by the Computer Security Institute in cooperation with the FBI found
that 70 percent of respondents (primarily large corporations and government agencies)
had detected serious computer security breaches within the last 12 months and that
quantifiable financial losses had increased over past years.[3]
Are agencies responding to the call for greater security? There is great cause for concern
regarding this question, since GAO's November 2001 analyses[4] of computer security
identified significant weaknesses in each of the 24 major agencies covered by its reviews.
The weaknesses identified place a broad array of federal operations and assets at risk of
fraud, misuse, and disruption. For example, weaknesses at the Department of Treasury
increase the risk of fraud associated with billions of dollars of federal payments and
collections, and weaknesses at the Department of Defense increase the vulnerability of
various military operations that support the department's war-fighting capability.
Further, information security weaknesses place enormous amounts of confidential data,
ranging from personal, financial, tax, and health data to proprietary business
information, at risk of inappropriate disclosure.
Reviews of general and application controls often point up basic control weaknesses in
IT systems of state agencies as well. Typical weaknesses include the following:
*
...
...