17 July 2018
Visit www.gemalto.com

SEC told to improve cyber attack defences

28 July 2017  |  14461 views  |  0 Security/Risk

The Securities and Exchange Commission (SEC) must do more to improve its defences against cyber attacks, says the US Government Accountability Office (GAO).

Wall Street's top regulator is failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission, says the GAO in its report.

The report says that the SEC has resolved 47 of 58 recommendations made by the GAO in a 2015 audit but is still falling short in several areas such as authorising access to resources and auditing and monitoring actions taken on its systems and network.

In addition, the report finds another 15 new "control deficiencies" that are holding back the SEC's ability to protect itself. Among these are a failure to consistently control logical access to financial and general support systems and using unsupported software to process financial data.

These weaknesses exist, in part, because the SEC did not fully implement key elements of its information security programme, says the GAO. For example, the watchdog did not maintain up-to-date network diagrams and asset inventories in its system security plans for its general support system and its key financial system application.

The report says that while the issues it has found do not constitute a "material weakness or significant deficiency", they warrant SEC management attention, prompting another 26 recommendations.

"Until SEC mitigates these deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise," says the GAO.

The SEC has concurred with the recommendations.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

SEC pushes through plans to build giant audit trail

SEC pushes through plans to build giant audit trail

16 November 2016  |  4851 views  |  1 comments | 9 tweets | 12 linkedin
SEC bills cyber threats as biggest risk to financial markets

SEC bills cyber threats as biggest risk to financial markets

18 May 2016  |  6087 views  |  0 comments | 6 tweets | 11 linkedin
Bank regulator IT examiners need more training - report

Bank regulator IT examiners need more training - report

03 July 2015  |  7185 views  |  0 comments | 5 tweets | 4 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit https://secure.vasco.comVisit info.nice.comVisit http://go.jumio.com/finextraAd

Top topics

Most viewed Most shared
Handelsbanken trials micro contactless cardsHandelsbanken trials micro contactless car...
10380 views comments | 19 tweets | 30 linkedin
Metro Bank opens developer portalMetro Bank opens developer portal
9346 views comments | 5 tweets | 14 linkedin
Anything Visa can do...Mastercard takes time outAnything Visa can do...Mastercard takes ti...
8709 views comments | 6 tweets | 14 linkedin
Citi to streamline corporate receivables with HighRadiusCiti to streamline corporate receivables w...
7734 views comments | 1 tweets | 5 linkedin

Featured job

Competitive base, double ote, benefits
New York City, NY - USA

Find your next job