Information Security: Comments on the Proposed Government Information Security Act of 1999. Statement of Jack L. Brock Director, Governmentwide and Defense Information Systems, Accounting and Information Management Division before the Committee on Governmental Affairs, U.S. Senate, March 12, 2000
This GAO testimony covers "the Government Information Security Act of 1999, which seeks to strengthen information security practices throughout the federal government. Such efforts are necessary and critical. Our work has shown that almost all government agencies are plagued by poor computer security. Recent events such as the denial of service attacks last month indicate the damage that can occur when an organization's computer security defenses are breached. However, Mr. Chairman, let me emphasize that the potential for more serious disruption is significant. As I stated in recent testimony, our nation's computer-based infrastructures are at increasing risk of severe disruption. The dramatic increase of computer interconnectivity, while beneficial in many ways, has provided pathways among systems that, if not properly secured, can be used to gain unauthorized access to data and operations from remote locations. Government officials are increasingly worried about attacks from individuals and groups with malicious intentions, such as terrorists and nations engaging in information warfare. S. 1993 provides opportunities to address this problem. It updates the legal framework that supports federal information security requirements and addresses widespread federal information security weaknesses. In particular, the bill provides for a risk-based approach to information security and independent annual audits of security controls. Moreover, it approaches security from a governmentwide perspective, taking steps to accommodate the significantly varying information security needs of both national security and civilian agency operations."
Government Printing Office: http://www.gpoaccess.gov/