Government Computer News has a link over to a newly released General Accounting Office report stating that the SEC needs to increase security measures to protect its internal data. The GAO review that spawned the was conducted from April to November 2004 both at the SEC's Washington, DC headquarters and at the commission's computer facility in Alexandria, VA.

According to the GAO report, the SEC:

"did not effectively implement information system controls to protect the intergrity, confidentiality and availability of its financial and senstive information. Specifically, the commission had not consistently implemented effective electronic access controls, including user accounts and passwords, access rights and permissions, network security, or audit and monitoring of security-related events to prevent, limit and detect acccess to its ciritical financial and sensitive systems. In addition weaknesses in other information system controls, including physical security, segregation of computer functions, application change controls and service continuity further increase the risk to SEC's information systems. As a result, senstitive data - including payroll and financial transactions, personnel data, regulatory and other mission critical information - were at risk of unauthorized disclosure, modification, or loss, possibly without being detected."

Umm. Ouch.

So what's the over/under on when we'll br running an SEC data theft story in this space?

To check out the rest of the GNC.com article, click here.

To read the full GAO report, creatively entitled "Securities and Exchange Commission Needs to Address Weak Controls over Financial and Sensitive Data" click here.

-- MDT

Labels: GAO