By Wade-Hahn Chan
Sept. 1, 2006
The Government Accountability Office has released a new report that
criticizes the Federal Deposit Insurance Corp.'s (FDIC) efforts to
implement information security controls.
The FDIC has made progress since an audit released in March  found
24 weaknesses. So far the agency has corrected 18 of them, the new
report states. The audit found that after the FDIC changed its
financial systems in 2005, it "did not ensure that adequate controls
were in place to accommodate its new systems environment."
In the new report, GAO states that despite the progress, information
security controls are still missing to protect the "confidentiality,
integrity and availability of its financial and sensitive information
and information systems." Consequently, the agency has identified an
additional 20 weaknesses in the FDIC's financial system.
GAO blames this on the FDIC's information security program, which the
report says is not fully implemented. GAO says the FDIC has not
consistently enforced its security-related policies, addressed
security plans for specific applications, provided training to
individuals with major security responsibilities, implemented plans to
solve known weaknesses, or updated or tested continuity plans after
changing the financial system in 2005.
GAO states that without changes, sensitive financial information is at
"increased risk of unauthorized access, modification and/or
disclosure, possibly without detection," the report states.
HITBSecConf2006 - Malaysia
The largest network security event in Asia
32 internationally renowned speakers
7 tracks of hands-on technical training sessions.
Register now: http://conference.hitb.org/hitbsecconf2006kl/