http://gcn.com/articles/2009/02/02/fincen-020209.aspx By William Jackson GCN.com Feb 02, 2009 The Treasury Department bureau responsible for administering the Bank Secrecy Act is not doing enough to protect the sensitive financial data that it gathers and shares with other agencies and governments, according to an audit of its IT systems and practices. The Financial Crimes Enforcement Network (FinCEN) has not ignored security, but inadequate documentation and implementation of security controls have left holes, the Government Accountability Office said in the report, "Further Actions Needed to Address Risks to Bank Secrecy Act Data." FinCEN maintains its own IT systems and also uses those of the Treasury Communications System and the IRS. GAO found significant weaknesses in the ability to ensure the confidentiality, integrity and availability of the data in all three of the systems. "A key reason for many of the weaknesses was that FinCEN and IRS had not fully implemented key information security program activities," the report said. "For example, FinCEN did not always include detailed implementation guidance in its policies and procedures and adequately test and evaluate information security controls." [...] _______________________________________________ Best Selling Security Books & More! http://www.shopinfosecnews.org/Received on Tue Feb 03 2009 - 22:07:34 PST
This archive was generated by hypermail 2.2.0 : Tue Feb 03 2009 - 22:13:52 PST