Summary

Deficiencies in federal information security are a growing concern. In February 1997, GAO included information security in its list of government program areas at high risk for waste, fraud, abuse, and mismanagement. Although many factors contribute to these weaknesses, audits by GAO and Inspectors General have found that an underlying cause is poor management of security programs. This guide, which is intended to help federal officials strengthen their security programs, examines organizations with superior security programs and identifies management practices that could benefit federal agencies.