Advisory Memorandum A1-06: SBA’s Computer Security Program
On September 28, 2001, the OIG issued Advisory Memorandum A1-06, SBA’s Computer Security Program. The objective of this review was to evaluate the SBA’s computer security program and assess management controls over safeguarding of information in accordance with Government Information Security Reform Act (GISRA) requirements. While the SBA generally maintained a satisfactory information security program, the OIG found that vulnerabilities continued to exist in computer security testing, computer security program monitoring, system access controls, and disaster recovery and contingency planning. The OIG made 12 recommendations to address four findings.