After a two-year security audit, the U.S. Government Accountability Office (GAO) has shared a 25-page report with the U.S. Securities and Exchange Commission (SEC) listing a number of weaknesses with the SEC’s cybersecurity controls, FierceFinanceIT reports. The GAO noted security flaws with access controls, patch management, segregation of development and production environments and contingency planning. “Weaknesses limited (the SEC’s) effectiveness in protecting the confidentiality, integrity and availability of a key financial system,” the report states, adding, “These weaknesses existed, in part, because SEC did not effectively oversee and manage the migration of the key financial system to a new location. Consequently, SEC’s financial information and systems were exposed to increased risk of unauthorized access, disclosure, modification and disruption.” Meanwhile, Jeff Kosseff writes about the SEC’s 50 cybersecurity examinations, and the top 10 things financial institutions should know.
If you want to comment on this post, you need to login.