GAO slams SEC protection of sensitive data

Gregory Wilshusen

Rachel Gordon

The Securities and Exchange Commission needs to strengthen its controls over financial and other sensitive data, the Government Accountability Office says in a new report.

Specifically, SEC should improve its controls over user accounts and passwords, access rights and permissions, network security and monitoring of security events to prevent or detect unauthorized access to its systems, according to the report.

A major reason for the weaknesses is that the agency has not fully established a comprehensive security program, GAO said.

'Sensitive data'including payroll and financial transactions, personnel data, regulatory, and other mission critical information'are at increased risk of unauthorized disclosure, modification or loss, possibly without being detected,' said Gregory Wilshusen, GAO's director for information security issues.

SEC said it would implement the GAO recommendations by June 2006 and indicated that some had already been implemented.

To see the GAO report, go to www.gcn.com and enter 397 in the GCN.com/box.

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above