18 October 2017
Find out more

SEC told to improve cyber attack defences

28 July 2017  |  13726 views  |  0 Security/Risk

The Securities and Exchange Commission (SEC) must do more to improve its defences against cyber attacks, says the US Government Accountability Office (GAO).

Wall Street's top regulator is failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission, says the GAO in its report.

The report says that the SEC has resolved 47 of 58 recommendations made by the GAO in a 2015 audit but is still falling short in several areas such as authorising access to resources and auditing and monitoring actions taken on its systems and network.

In addition, the report finds another 15 new "control deficiencies" that are holding back the SEC's ability to protect itself. Among these are a failure to consistently control logical access to financial and general support systems and using unsupported software to process financial data.

These weaknesses exist, in part, because the SEC did not fully implement key elements of its information security programme, says the GAO. For example, the watchdog did not maintain up-to-date network diagrams and asset inventories in its system security plans for its general support system and its key financial system application.

The report says that while the issues it has found do not constitute a "material weakness or significant deficiency", they warrant SEC management attention, prompting another 26 recommendations.

"Until SEC mitigates these deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise," says the GAO.

The SEC has concurred with the recommendations.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

SEC pushes through plans to build giant audit trail

SEC pushes through plans to build giant audit trail

16 November 2016  |  4539 views  |  1 comments | 9 tweets | 12 linkedin
SEC bills cyber threats as biggest risk to financial markets

SEC bills cyber threats as biggest risk to financial markets

18 May 2016  |  5689 views  |  0 comments | 6 tweets | 11 linkedin
Bank regulator IT examiners need more training - report

Bank regulator IT examiners need more training - report

03 July 2015  |  7031 views  |  0 comments | 5 tweets | 4 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Register nowvisit www.capgemini.comvisit www.innotribe.com

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
15206 views comments | 12 tweets | 4 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
8402 views comments | 16 tweets | 21 linkedin
hands typing furiouslyHow artificial intelligence can deliver a...
7918 views 0 | 7 tweets | 9 linkedin
satelliteGates Foundation backs Ripple collaboratio...
7361 views comments | 13 tweets | 8 linkedin
IBM uses blockchain to improve cross-border payments processingIBM uses blockchain to improve cross-borde...
6519 views comments | 8 tweets | 16 linkedin

Featured job

Competitive
London, UK (or flexible)

Find your next job