http://www.computerworld.com/securitytopics/security/story/0,10801,72741,00.html By Patrick Thibodeau JULY 15, 2002 WASHINGTON -- A federal agency created in the 1930s to help restore economic confidence during the Great Depression isn't winning the confidence of a congressional watchdog agency for its information security practices. The Federal Deposit Insurance Corp. was faulted by the U.S. General Accounting Office for access policies that give hundreds of end users privileges that allow them to modify financial software, as well as read, modify and copy financial data, the GAO said in a report (download PDF)  today. Many end users had access to "powerful" systems commands, including 26 help desk employees and 14 database staffers who didn't need access to these commands, the GAO said. The FDIC has been previously faulted by the GAO for IT security. But the GAO acknowledged that the FDIC has taken steps to improve its operations, including the use of a guard service to provide security surveillance to its computer rooms and an assessment of data to determine the level of security needed to protect it. The FDIC, in a written response, said the GAO's findings will help it improve security. The FDIC insures deposits in excess of $3.2 trillion for about 10,000 financial institutions.  http://www.gao.gov/new.items/d02689.pdf - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 09:58:26 PDT