GAO Says SEC's Information Security Falls Short

Law360, New York (March 5, 2008, 12:00 AM EST) -- The U.S. Securities and Exchange Commission has made progress in protecting its financial information but weaknesses persist in its internal information security system, leaving the agency at risk, the U.S. Government Accountability Office said in a report issued Friday.

The SEC doesn't always enforce strong controls for identifying users of its computer systems or limit user access only to employees who need it to perform their jobs, the GAO found. Nor does the agency always encrypt sensitive data, log and monitor security-related events or physically protect...
To view the full article, register now.