Monday, April 03, 2006

GAO: SEC Has Failed to Fix Security Gaps

Mary Mosquera writes on GCN.com:

Information security weaknesses persist at the Securities Exchange Commission because the agency has not followed through on recommendations the Government Accountability Office made last year for comprehensive, agencywide information security.

SEC has implemented just a few of its recommendations, GAO said in a report.

SEC has replaced a vulnerable, publicly accessible workstation and implemented change control procedures for a major application, but has not yet implemented effective controls for remote access to its servers, the report said. It also has not securely configured network devices and servers or put in place auditing and monitoring mechanisms to detect and track security incidents.

More here.

0 Comments:

Post a Comment

<< Home