By William Jackson
Feb 02, 2009
The Treasury Department bureau responsible for administering the Bank
Secrecy Act is not doing enough to protect the sensitive financial data
that it gathers and shares with other agencies and governments,
according to an audit of its IT systems and practices.
The Financial Crimes Enforcement Network (FinCEN) has not ignored
security, but inadequate documentation and implementation of security
controls have left holes, the Government Accountability Office said in
the report, "Further Actions Needed to Address Risks to Bank Secrecy Act
FinCEN maintains its own IT systems and also uses those of the Treasury
Communications System and the IRS. GAO found significant weaknesses in
the ability to ensure the confidentiality, integrity and availability of
the data in all three of the systems.
"A key reason for many of the weaknesses was that FinCEN and IRS had not
fully implemented key information security program activities," the
report said. "For example, FinCEN did not always include detailed
implementation guidance in its policies and procedures and adequately
test and evaluate information security controls."
Best Selling Security Books & More!