GAO slams SEC protection of sensitive data

Gregory Wilshusen

Rachel Gordon

The Securities and Exchange Commission needs to strengthen its controls over financial and other sensitive data, the Government Accountability Office says in a new report.

Specifically, SEC should improve its controls over user accounts and passwords, access rights and permissions, network security and monitoring of security events to prevent or detect unauthorized access to its systems, according to the report.

A major reason for the weaknesses is that the agency has not fully established a comprehensive security program, GAO said.

'Sensitive data'including payroll and financial transactions, personnel data, regulatory, and other mission critical information'are at increased risk of unauthorized disclosure, modification or loss, possibly without being detected,' said Gregory Wilshusen, GAO's director for information security issues.

SEC said it would implement the GAO recommendations by June 2006 and indicated that some had already been implemented.

To see the GAO report, go to and enter 397 in the

About the Author

Mary Mosquera is a reporter for Federal Computer Week.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.