http://gcn.com/articles/2009/03/18/sec-security-controls.aspx By William Jackson GCN.com March 18, 2009 The Securities and Exchange Commission has corrected some weaknesses identified in its information security controls in the past two years, but the lack of a comprehensive information security program has let weaknesses accumulate faster than they have been resolved, according to the Government Accountability Office. “In our report on SEC’s financial statements for fiscal years 2008 and 2007, we concluded that weaknesses in information security controls constitute a significant deficiency in internal controls over the information systems and data used for financial reporting,” GAO auditors wrote in a recently released report. SEC has corrected or mitigated 18 of 34 weaknesses reported in a 2008 audit, GAO said. But in addition to the 16 problems not yet addressed, GAO identified 23 new ones. “A key reason for these weaknesses was that SEC did not fully implement key activities of its information security program,” the report states. Among the missing components of SEC's security program: [...] _______________________________________________ Best Selling Security Books and More! http://www.shopinfosecnews.org/Received on Wed Mar 18 2009 - 23:15:36 PDT
This archive was generated by hypermail 2.2.0 : Wed Mar 18 2009 - 23:36:25 PDT