• United States



by Dave Gradijan

GAO: More Leadership and Security Needed at VA

Jun 20, 20062 mins
CSO and CISOData and Information Security

A recent report by the Government Accountability Office (GAO) found that steps for information security taken so far at the U.S. Department of Veterans Affairs (VA) have been insufficient to establish a comprehensive information security program.

The GAO also wrote that the VA will continue to face major information security challenges unless it moves forward with a proactive and comprehensive security plan.

The report recommended that the VA should start a privacy impact assessment—an analysis of how the personal information of veterans is collected, stored, shared and managed. Additionally, the department needs to take more specific practical measures to prevent data breaches, which includes limiting how information is used and shared as well as providing increased training for VA employees.

In order to achieve this, the GAO said that strong leadership with a sustained commitment from all levels of management would be needed, something it said the VA is lacking.

The GAO also stated that impending privacy and data security laws need to include notification and reporting requirements.

For more information on data theft, read Data Theft at the VA and When the Dike Breaks: Responding to the Inevitable Data Breach.

Keep checking in at our Security Feed page, or subscribe via RSS, for updated news coverage.

By Paul Kerstein