22 August 2017
Visit http://response.ncr.com

SEC told to improve cyber attack defences

28 July 2017  |  12323 views  |  0 Security/Risk

The Securities and Exchange Commission (SEC) must do more to improve its defences against cyber attacks, says the US Government Accountability Office (GAO).

Wall Street's top regulator is failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission, says the GAO in its report.

The report says that the SEC has resolved 47 of 58 recommendations made by the GAO in a 2015 audit but is still falling short in several areas such as authorising access to resources and auditing and monitoring actions taken on its systems and network.

In addition, the report finds another 15 new "control deficiencies" that are holding back the SEC's ability to protect itself. Among these are a failure to consistently control logical access to financial and general support systems and using unsupported software to process financial data.

These weaknesses exist, in part, because the SEC did not fully implement key elements of its information security programme, says the GAO. For example, the watchdog did not maintain up-to-date network diagrams and asset inventories in its system security plans for its general support system and its key financial system application.

The report says that while the issues it has found do not constitute a "material weakness or significant deficiency", they warrant SEC management attention, prompting another 26 recommendations.

"Until SEC mitigates these deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise," says the GAO.

The SEC has concurred with the recommendations.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

SEC pushes through plans to build giant audit trail

SEC pushes through plans to build giant audit trail

16 November 2016  |  4397 views  |  1 comments | 9 tweets | 12 linkedin
SEC bills cyber threats as biggest risk to financial markets

SEC bills cyber threats as biggest risk to financial markets

18 May 2016  |  5518 views  |  0 comments | 6 tweets | 11 linkedin
Bank regulator IT examiners need more training - report

Bank regulator IT examiners need more training - report

03 July 2015  |  6944 views  |  0 comments | 5 tweets | 4 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.vasco.comvisit www.dorsum.euvisit www.niceactimize.com

Top topics

Most viewed Most shared
Mobile contactless spending accelerating in UKMobile contactless spending accelerating i...
12423 views comments | 26 tweets | 23 linkedin
Barclays pairs banking data with third party apps for SmartBusiness DashboardBarclays pairs banking data with third par...
10980 views comments | 22 tweets | 34 linkedin
hands typing furiouslyWhy Is Risk Analytics Important?
10208 views 0 | 6 tweets | 1 linkedin
RBS to bring Silicon Valley to EdinburghRBS to bring Silicon Valley to Edinburgh
10164 views comments | 10 tweets | 8 linkedin
Australia regulates digital currenciesAustralia regulates digital currencies
10065 views comments | 21 tweets | 34 linkedin

Featured job

Find your next job