Information Security

Weak Controls Place Interior's Financial and Other Data at Risk Gao ID: GAO-01-615 July 3, 2001

This report reviews information system general controls over the financial systems maintained by the Department of the Interior at its National Business Center (NBC) in Denver, Colorado. GAO found that although the Denver center has made progress in correcting previously cited computer security weaknesses, additional weaknesses affect the Denver center's information system control environment. These weaknesses affect the center's ability to prevent and detect unauthorized changes to financial information, control electronic access to sensitive personnel information, and restrict physical access to sensitive computing areas. The Denver center did not adequately limit access granted to authorized users, control all aspects of the system software controls, or secure access to its network. Also, the Denver center had not fully established a comprehensive program to routinely monitor access to its computer facilities and data and to identify and investigate unusual or suspicious access patterns that could indicate unauthorized access. The primary reason for these weaknesses was that the Denver center had not yet fully developed and implemented a comprehensive entitywide program to manage computer security.

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Team: Phone:


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.