US Accountability Body Criticizes SEC Infosec Approach
In its findings summary, the GAO said that the SEC did not adequately protect its system boundaries from intrusion, and failed to consistently authenticate users, monitor network activity, implement proper authorization procedures for sensitive data and restrict access at physical locations. Damningly, the GAO also found that the SEC did not properly segregate its development and production environments, with accounts for the former live on the latter's servers. The GAO also noted that despite the SEC had put a disaster recovery and contingency plan in place, this did not include a critical system.
"[The] SEC continues to make progress in improving information security controls over its key financial systems," the GAO report summarizes. "However, information security control weaknesses in a key financial system's production environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by the system. These included deficiencies in [the] SEC's controls over access control, configuration management, segregation of duties, and contingency and disaster recovery planning. In addition, [the] SEC did not consistently provide adequate contractor oversight and implement an effective risk management process during the migration of an important financial system to its new location."
The report recommends that the SEC increases its oversight of contractors, and institute a proper risk management program. A separate document, which was not widely distributed, makes 49 specific suggestions.
In its comments, the SEC acknowledged issues with the oversight of contractors and the wider criticisms made in the report, but said that once weaknesses were identified with server configurations, they were immediately rectified.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: https://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Trading Tech
24X National Exchange faces uphill battle in exemption fight
The Waters Wrap: 24X wants exemption from the requirement that the SIP be operational during overnight hours for its overnight session to proceed. Nyela explains why that’s asking a lot.
CME’s Duffy addresses outages as exchanges push toward 24/7 trading
As senior exchange execs fielded questions about overnight trading in equities, the theme of resiliency lingered.
Bloomberg enhances feeds, Standard Chartered and TP Icap partner on digital assets, and more
The Waters Cooler: LSEG and ASX partner to modernize derivatives platform, MSCI acquires two companies, State Street bolsters data business, and more in this week’s news roundup.
Apac buy-side firms embrace AI, automation to optimize business processes
Survey of Apac buy-side firms shows growing AI, API and automation usage to enhance investment workflows and enable data integration
What does the future of trader voice look like?
The trader voice market has shrunk to three main players: IPC, BT, and Symphony. The battle for market share and desk real estate is pitting hardware against software.
Bloomberg Terminal’s agentic play shows rapid change in trading tech
Waters Wrap: The data giant’s conversational AI interface might seem novel, but others say having one is becoming a bare minimum in the world of trading technology.
Esma supervision proposals ensnare Bloomberg and Tradeweb
Derivatives and bonds venues would become subject to centralized supervision if the proposed reforms go through.
AllianceBernstein enlists SimCorp, BMLL and Features Analytics team up, and more
The Waters Cooler: Mondrian chooses FundGuard to tool up, prediction markets entice options traders, and Synechron and Cognition announce an AI engineering agreement in this week’s news roundup.
