As part of the Government Accountability Office, the Federal
Information Security Management Act of 2002 (FISMA) established an information
security program, which evaluates and provides annual reporting for federal
agencies. The most recent study was released, Weaknesses Continue Amid New
Federal Efforts to Implement Requirements, and reports that security
incidents from federal agencies have increased 650% in the past five years.
Twenty-four agencies were reviewed, and each agency had
weaknesses in information security controls. The report states that one of the
reasons for these fraud prevention
weaknesses have occurred is because the agencies have not fully implemented
their information security programs and fraud prevention
tools.
It is suspected that the increase of information security
weaknesses coincides with many agencies transferring data online for easier
access, especially between agencies. This action has created an opportunity to potentially
expose sensitive information.
Agencies have not fully implemented their information
security programs, Gregory Wilshusen, GAO director of information security
issues. As a result, they have limited assurance that controls are in place
and operating as intended to protect their information resources, thereby
leaving them vulnerable to attack or compromise.