MIS :: Electronic information

Electronic information is essential to the achievement of government organizational objectives. Its reliability, integrity, and availability are significant concerns in most audits. The use of computer networks, particularly the Internet, is revolutionizing the way government conducts business. While the benefits have been enormous and vast amounts of information are now literally at our fingertips, these interconnections also pose significant risks to computer systems, information, and to the critical operations and infrastructures they support. Infrastructure elements such as telecommunications, power distribution, national defense, law enforcement, and government and emergency services are subject to these risks. The same factors that benefit operationsÂâ€"speed and accessibilityÂâ€"if not properly controlled, can leave them vulnerable to fraud, sabotage, and malicious or mischievous acts. In addition, natural disasters and inadvertent errors by authorized computer users can have devastating consequences if information resources are poorly protected. Recent publicized disruptions caused by virus, worm, and denial of service attacks on both commercial and governmental Web sites illustrate the potential for damage. Computer security is of increasing importance to all levels of government in minimizing the risk of malicious attacks from individuals and groups. These risks include the fraudulent loss or misuse of government resources, unauthorized access to release of sensitive information such as tax and medical records, disruption of critical operations through viruses or hacker attacks, and modification or destruction of data. The risk that information attacks will threaten vital national interests increases with the following developments in information technology: • Monies are increasingly transferred electronically between and among governmental agencies, commercial enterprises, and individuals. • Governments are rapidly expanding their use of electronic commerce. • National defense and intelligence communities increasingly rely on commercially available information technology. • Public utilities and telecommunications increasingly rely on computer systems to manage everyday operations. • More and more sensitive economic and commercial information is exchanged electronically. • Computer systems are rapidly increasing in complexity and interconnectivity. • Easy-to-use hacker tools are readily available, and hacker activity is increasing. • Paper supporting documents are being reduced or eliminated. Each of these factors significantly increases the need for ensuring the privacy, security, and availability of state and local government systems. Although as many as 80 percent of security breaches are probably never reported, the number of reported incidents is growing dramatically. For example, the number of incidents handled by Carnegie-Mellon University's CERT Coordination Center1 has multiplied over 86 times since 1990,2 rising from 252 in 1990 to 21,756 in 2000. Further, the Center has handled over 34,000 incidents during the first three quarters of 2001. Similarly, the Federal Bureau of Investigation (FBI) reports that its case load of