ABSTRACT

Information Security: Additional Actions Needed to Address Vulnerabilities That Put VA Data at Risk, Statement of Gregory C. Wilshusen, Director Information Security Issues, Testimony before the Committee on Veterans' Affairs, House of Representatives   [open pdf - 156KB]

From the Highlights: "The Department of Veterans' Affairs (VA) relies extensively on information technology systems that collect, process, and store veterans' sensitive personal information. Without adequate safeguards, these systems and information are vulnerable to compromise. Further, VA has faced long-standing challenges in securing its systems, and reported incidents have demonstrated the impact of cyber-based threats on the confidentiality, integrity, and availability of veterans' personal information. This statement summarizes the Government Accountability Office's (GAO) November 13, 2014 report on VA efforts to address previously identified information security vulnerabilities. For its review, GAO focused on efforts to respond to a network intrusion, address vulnerabilities in key web - based applications, and remediate weaknesses in devices connected to the department's network. To conduct its work, GAO reviewed the results of VA security testing; interviewed department officials; and reviewed policies, procedures, and other documentation. In its report, GAO made eight recommendations to VA to fully address weaknesses in incident response, web applications, and patch management. VA concurred with GAO's recommendations."

Report Number:
GAO-15-220T
Publisher:
Date:
2014-11-18
Copyright:
Public Domain
Retrieved From:
Government Accountability Office: http://www.gao.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations