[ISN] FDIC faulted for weak IT security

From: InfoSec News (isnat_private)
Date: Wed Jul 17 2002 - 06:45:50 PDT

  • Next message: InfoSec News: "[ISN] Snouts in the honeypot"

    http://www.computerworld.com/securitytopics/security/story/0,10801,72741,00.html
    
    By Patrick Thibodeau
    JULY 15, 2002
    
    WASHINGTON -- A federal agency created in the 1930s to help restore 
    economic confidence during the Great Depression isn't winning the 
    confidence of a congressional watchdog agency for its information 
    security practices. 
    
    The Federal Deposit Insurance Corp. was faulted by the U.S. General 
    Accounting Office for access policies that give hundreds of end users 
    privileges that allow them to modify financial software, as well as 
    read, modify and copy financial data, the GAO said in a report 
    (download PDF) [1] today. 
    
    Many end users had access to "powerful" systems commands, including 26 
    help desk employees and 14 database staffers who didn't need access to 
    these commands, the GAO said. 
    
    The FDIC has been previously faulted by the GAO for IT security. But 
    the GAO acknowledged that the FDIC has taken steps to improve its 
    operations, including the use of a guard service to provide security 
    surveillance to its computer rooms and an assessment of data to 
    determine the level of security needed to protect it. 
    
    The FDIC, in a written response, said the GAO's findings will help it 
    improve security. 
    
    The FDIC insures deposits in excess of $3.2 trillion for about 10,000 
    financial institutions. 
    
    [1] http://www.gao.gov/new.items/d02689.pdf
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Wed Jul 17 2002 - 09:58:26 PDT