The General Accountability Office said weaknesses remain in the way the Securities and Exchange Commission maintains security over its financial systems and data, despite making progress in improving measures since September 2014 – the last time GAO looked at the SEC’s cybersecurity program. Among other shortcomings, the SEC did not “consistently protect its network from possible intrusions, identify and authenticate users, authorize access to resources, audit and monitor actions taken on its systems and network, and restrict physical access to sensitive assets,” claimed GAO. GAO also said that the SEC did not consistently ensure that its hardware and software are configured with appropriate security features; did not always divide incompatible duties among separate persons so that one person does not control all steps of a process; and did not maintain updated business contingency and disaster recovery plans. Although GAO did not determine that the SEC’s failure constituted a material weakness, it concluded that, in aggregate, the SEC’s oversight flaws increase the risk that the “SEC’s financial information and systems [are] exposed to increased risk of unauthorized disclosure, modification, and destruction.” GAO determined that the SEC’s failures resulted from its failure to “effectively implement” elements of its own information security program. GAO is an independent, non-partisan federal agency that supports Congress in ensuring that US government funds are spent “efficiently and effectively.”
Register now for your free, tailored, daily legal newsfeed service.
Questions? Please contact firstname.lastname@example.orgRegister
GAO Criticizes SEC Cybersecurity Controls
Popular articles from this firm
If you would like to learn how Lexology can drive your content marketing strategy forward, please email email@example.com.
Related topic hubs
Privacy Manager, Global Privacy Centre
"This is a very good resource and I appreciate receiving it everyday. Each newsletter has a great deal of content and the daily feed allows you to 'pace' yourself. The content is relevant to the areas that I address and the articles are written by counsel who are very experienced in these areas and can communicate in a meaningful and effective way."