

Computer Security: Pervasive, Serious Weaknesses Jeopardize State Department Operations (Letter Report, 05/01/98, GAO/AIMD-98-145).

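Pursuant to a congressional request, GAO reviewed: (1) whether the Department of State's unclassified automated information systems are susceptible to unauthorized access; (2) what State is doing to address information security issues; and (3) what additional actions may be needed to address the computer security problem.

GAO noted that: (1) State's information systems and the information contained within them are vulnerable to access, change, disclosure, disruption, or even denial of service by unauthorized individuals; (2) GAO conducted penetration tests to determine how susceptible State's systems are to unauthorized access and found that it was able to access sensitive information; (3) moreover, GAO's penetration of State's computer resources went largely undetected, further underscoring the department's serious vulnerability; (4) the results of GAO's tests show that individuals or organizations seeking to damage State operations, commit terrorism, or obtain financial gain could possibly exploit the department's information security weaknesses; (5) although State has some projects under way to improve the security of its information systems and help protect sensitive information, it does not have a security program that allows State officials to comprehensively manage the risks associated with the department's operations; (6) State lacks a central focal point for overseeing and coordinating security activities; (7) State does not routinely perform risk assessments to protect its sensitive information based on its sensitivity, criticality, and value; (8) the department's primary information security policy document is incomplete; (9) the department lacks key controls for monitoring and evaluating the effectiveness of its security programs and it has not established a robust incident response capability; (10) State needs to greatly accelerate its efforts and address these serious information security weaknesses; (11) however, to date, its top managers have not demonstrated that they are committed to doing so; (12) Internet security was the only area in which GAO found that State's controls were currently adequate; (13) however, plans to expand its Internet usage will create new security risks; (14) State conducted an analysis of the risks involved with using the Internet more extensively, but has not yet decided how to address the security risks of additional external connectivity to the concerns this review has raised; and (15) if State increases its Internet use before instituting a comprehensive security program and addresses the additional vulnerabilities unique to the Internet, it will unnecessarily increase the risks of unauthorized access to its systems and information.

--------------------------- Indexing Terms -----------------------------

 REPORTNUM:  AIMD-98-145

     TITLE:  Computer Security: Pervasive, Serious Weaknesses Jeopardize State Department Operations

      DATE:  05/01/98

   SUBJECT:  Computer security
             Information systems
             Data integrity
             Internal controls
             Confidential communication
             Information resources management

IDENTIFIER:  Internet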
