GAO Chides SEC for Vulnerable Data
The Government Accountability Office released a report last week stating that the SEC has failed to correct most weaknesses identified in last year's report.
Of 51 weaknesses identified last year, 43 remain and 15 new weaknesses have been identified, according to the report. The commission has failed to control remote access to its servers, establish controls over passwords, manage access to its systems and data, securely configure network devices and servers, and implement auditing and monitoring systems to detect and track security incidents, according to the report.
"Overall, SEC has not effectively implemented information security controls to properly protect the confidentiality, integrity and availability of its financial and sensitive information and information systems," the report states. "These weaknesses increase the risk that financial and sensitive information will be inadequately protected against disclosure, modification or loss, possibly without detection and place SEC operations at risk of disruption."
SEC has not fully developed, implemented or documented key elements of an information security program, the report states. Until the commission implements a program, its facilities, computing resources and information will remain vulnerable, according to the report.
The SEC responded to the report, stating that its recommendations are appropriate and actionable and that the SEC is fully focused on implementing them.
The criticism of the commission comes after the GAO identified weaknesses in another body that controls financial data – the Internal Revenue Service.