US Accountability Body Criticizes SEC Infosec Approach
In its findings summary, the GAO said that the SEC did not adequately protect its system boundaries from intrusion, and failed to consistently authenticate users, monitor network activity, implement proper authorization procedures for sensitive data and restrict access at physical locations. Damningly, the GAO also found that the SEC did not properly segregate its development and production environments, with accounts for the former live on the latter's servers. The GAO also noted that despite the SEC had put a disaster recovery and contingency plan in place, this did not include a critical system.
"[The] SEC continues to make progress in improving information security controls over its key financial systems," the GAO report summarizes. "However, information security control weaknesses in a key financial system's production environment may jeopardize the confidentiality, integrity, and availability of information residing in and processed by the system. These included deficiencies in [the] SEC's controls over access control, configuration management, segregation of duties, and contingency and disaster recovery planning. In addition, [the] SEC did not consistently provide adequate contractor oversight and implement an effective risk management process during the migration of an important financial system to its new location."
The report recommends that the SEC increases its oversight of contractors, and institute a proper risk management program. A separate document, which was not widely distributed, makes 49 specific suggestions.
In its comments, the SEC acknowledged issues with the oversight of contractors and the wider criticisms made in the report, but said that once weaknesses were identified with server configurations, they were immediately rectified.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@waterstechnology.com or view our subscription options here: https://subscriptions.waterstechnology.com/subscribe
You are currently unable to print this content. Please contact info@waterstechnology.com to find out more.
You are currently unable to copy this content. Please contact info@waterstechnology.com to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@waterstechnology.com
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@waterstechnology.com
More on Trading Tech
As outages spread, it’s time to rethink how we view infrastructure technology
Waters Wrap: First AWS and then Azure. And these are only the most recent of significant outages. Anthony says a change is needed when it comes to calculating server migrations.
LLM firms come for finance, BMLL gets bought, LSEG users get Preqin feeds, and more
The Waters Cooler: Tradeweb completes fully electronic RFM swaptions trade, IBM cashes in on digital asset mania, and more frights and delights in this week’s news roundup.
TMX’s CEO wonders if tokenization is a ‘solution looking for a problem’
While acknowledging the potential of tokenizing securities, John McKenzie said regulators shouldn’t move too fast, and let customer demand drive adoption.
Bolsa Mexicana embarks on multi-year modernization project
Latin America’s second largest exchange is embracing cloud and upgrading its infrastructure in a bid to bolster its global standing, says CEO.
S&P’s $1.8 billion buy, an FIA restructure, a tokenization craze, and more
The Waters Cooler: CAIS creates CAISey, BNY deploys EquiLend, and more in this week’s news roundup.
Bloomberg integrates AI summaries into Port
One buy-side user says that while it’s still early for agentic tools, they’re excited by what they’ve seen so far.
Larry Fink: ‘We need to be tokenizing all assets’
The asset manager is currently exploring tokenizing long-term investment products like iShares, with an eye on non-financial assets down the road.
Examining how adaptive intelligence can create resilient trading ecosystems
Researchers from IBM and Wipro explore how multi-agent LLMs and multi-modal trading agents can be used to build trading ecosystems that perform better under stress.
