GAO slams SEC protection of sensitive data
The Securities and Exchange Commission needs to strengthen its controls over financial and other sensitive data, the Government Accountability Office says in a new report.
Specifically, SEC should improve its controls over user accounts and passwords, access rights and permissions, network security and monitoring of security events to prevent or detect unauthorized access to its systems, according to the report.
A major reason for the weaknesses is that the agency has not fully established a comprehensive security program, GAO said.
'Sensitive data'including payroll and financial transactions, personnel data, regulatory, and other mission critical information'are at increased risk of unauthorized disclosure, modification or loss, possibly without being detected,' said Gregory Wilshusen, GAO's director for information security issues.
SEC said it would implement the GAO recommendations by June 2006 and indicated that some had already been implemented.
To see the GAO report, go to www.gcn.com
and enter 397 in the GCN.com/box.
Mary Mosquera is a reporter for Federal Computer Week.