AOH :: IS1849.HTM

GAO: SEC cybersecurity program is incomplete

GAO: SEC cybersecurity program is incomplete
GAO: SEC cybersecurity program is incomplete

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Transfer-Encoding: QUOTED-PRINTABLE

By William Jackson
March 18, 2009

The Securities and Exchange Commission has corrected some weaknesses 
identified in its information security controls in the past two years, 
but the lack of a comprehensive information security program has let 
weaknesses accumulate faster than they have been resolved, according to 
the Government Accountability Office.

=E2=80=9CIn our report on SEC=E2=80=99s financial statements for fiscal years 2008 and 
2007, we concluded that weaknesses in information security controls 
constitute a significant deficiency in internal controls over the 
information systems and data used for financial reporting,=E2=80=9D GAO auditors 
wrote in a recently released report.

SEC has corrected or mitigated 18 of 34 weaknesses reported in a 2008 
audit, GAO said. But in addition to the 16 problems not yet addressed, 
GAO identified 23 new ones. =E2=80=9CA key reason for these weaknesses was that 
SEC did not fully implement key activities of its information security 
program,=E2=80=9D the report states.

Among the missing components of SEC's security program:


Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Best Selling Security Books and More! 


Site design & layout copyright © 1986-2015 CodeGods