US Accountability Body Criticizes SEC Infosec Approach

In its findings summary, the GAO said that the SEC did not adequately protect its system boundaries from intrusion, and failed to consistently authenticate users, monitor network activity, implement proper authorization procedures for sensitive data and restrict access at physical locations. Damningly, the GAO also found that the SEC did not properly segregate its development and production environments, with accounts for the former live on the latter's servers. The GAO also noted that despite the SEC had put a disaster recovery and contingency plan in place, this did not include a critical system.
"[The] SEC continues to make progress in improving information security controls over its key financial systems," the GAO report summarizes. "However, information security control weaknesses in a key financial system's production environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by the system. These included deficiencies in [the] SEC's controls over access control, configuration management, segregation of duties, and contingency and disaster recovery planning. In addition, [the] SEC did not consistently provide adequate contractor oversight and implement an effective risk management process during the migration of an important financial system to its new location."
The report recommends that the SEC increases its oversight of contractors, and institute a proper risk management program. A separate document, which was not widely distributed, makes 49 specific suggestions.
In its comments, the SEC acknowledged issues with the oversight of contractors and the wider criticisms made in the report, but said that once weaknesses were identified with server configurations, they were immediately rectified.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: http://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Trading Tech
Everything’s a chatbot. Soon, your sales trader might be, too.
Morgan Stanley, Citi, and Kepler Cheuvreux are among firms considering making their internal AI assistants available to clients.
MayStreet founder sues LSEG for fraud, breach of contract
The complaint accuses the exchange group of “defrauding” MayStreet executives following the 2022 acquisition. LSEG “strongly refutes these claims.”
APIs keep their eyes on the prize
The IMD Wrap: As the API economy continues to expand, connecting an ever-increasing number of broker and data interfaces is becoming a cottage industry in itself.
Fnality joins DLT-based PvP FX settlement service
Baton Systems and Osttra’s joint payment-versus-payment FX network adds central bank-backed settlement option
Bloomberg’s chatbots streamline external data sharing, OTC trading
The vendor details the expansion of chatbot support outside of a firm’s enterprise, and addresses user reservations about cost and spambots.
The Consolidated Audit Trail faces an uncertain fate—yet again
Waters Wrap: The CAT is up and running, but with a conservative SEC in place and renewed pressure from politicians and exchanges, Anthony says the controversial database faces a death by a thousand cuts.
ICE’s snowball effect: Intercontinental Exchange keeps leash tight on infrastructure
Voice of the CTO: Stuart Williams talks about why the exchange has been so adamant about “controlling” its infrastructure and technology, and how that helped it manage intense market volatility.
Aussie super fund overhauls investment platform with BlackRock Aladdin
Aware Super’s Project Odin includes implementations of BlackRock Aladdin, eFront and GoldenSource EDM