US Accountability Body Criticizes SEC Infosec Approach
In its findings summary, the GAO said that the SEC did not adequately protect its system boundaries from intrusion, and failed to consistently authenticate users, monitor network activity, implement proper authorization procedures for sensitive data and restrict access at physical locations. Damningly, the GAO also found that the SEC did not properly segregate its development and production environments, with accounts for the former live on the latter's servers. The GAO also noted that although the SEC had put a disaster recovery and contingency plan in place, the plan did not include a critical system.
"[The] SEC continues to make progress in improving information security controls over its key financial systems," the GAO report summarizes. "However, information security control weaknesses in a key financial system's production environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by the system. These included deficiencies in [the] SEC's controls over access control, configuration management, segregation of duties, and contingency and disaster recovery planning. In addition, [the] SEC did not consistently provide adequate contractor oversight and implement an effective risk management process during the migration of an important financial system to its new location."
The report recommends that the SEC increase its oversight of contractors and institute a proper risk management program. A separate document, which was not widely distributed, makes 49 specific suggestions.
In its comments, the SEC acknowledged issues with the oversight of contractors and the wider criticisms made in the report, but said that once weaknesses were identified with server configurations, they were immediately rectified.
Copyright Infopro Digital Limited. All rights reserved.