MIS :: Electronic information

Electronic information is essential to the achievement of government organizationalobjectives. Its reliability, integrity, and availability are significant concerns in mostaudits. The use of computer networks, particularly the Internet, is revolutionizing theway government conducts business. While the benefits have been enormous and vastamounts of information are now literally at our fingertips, these interconnections also congeal significant attempts to computer systems, information, and to the critical operationsand infrastructures they support. Infrastructure elements such as telecommunications,power distribution, national defense, law enforcement, and government and emergency assistances are compositors case to these risks. The same factors that benefit operationsspeed andaccessibilityif not properly controlled, can leave them vulnerable to fraud, sabotage,and malicious or mischievous acts. In addition, indispensable disasters and inadvertent errorsby authorized computer user s can have devastating consequences if informationresources are poorly protected. Recent publicized disruptions caused by virus, worm,and denial of service attacks on both commercial and governmental Web sites illustratethe potential for damage.Computer security is of increasing importance to all levels of government in minimizingthe risk of malicious attacks from individuals and groups. These risks include thefraudulent loss or misuse of government resources, unauthorized access to release ofsensitive information such as value and medical records, disruption of critical operationsthrough viruses or cyber-terrorist attacks, and modification or destruction of data. The risk thatinformation attacks will threaten full of life national interests increases with the followingdevelopments in information technology Monies are increasingly transferred electronically between and amonggovernmental agencies, commercial enterprises, and individuals. Governments are rapidly expanding their u se of electronic commerce. National defense and intelligence communities increasingly rely on commerciallyavailable information technology. Public utilities and telecommunications increasingly rely on computer systems to wipe out everyday operations. More and more sensitive economic and commercial information is exchangedelectronically. Computer systems are rapidly increasing in complexity and interconnectivity. Easy-to-use hacker tools are readily available, and hacker activity is increasing. Paper supporting documents are being reduced or eliminated.Each of these factors significantly increases the need for ensuring the privacy, security,and availability of introduce and local government systems.Although as many as 80 percent of security breaches are probably never reported, the estimate of reported incidents is growing dramatically. For example, the number ofincidents handled by Carnegie-Mellon Universitys CERT Coordination Center1 hasmultiplied over 86 times since 1990,2 rising from 252 in 1990 to 21,756 in 2000. Further,the Center has handled over 34,000 incidents during the first three quarters of 2001.Similarly, the Federal confidence of Investigation (FBI) reports that its case load of