GAO Faults SEC’s IT Security Controls
The Securities and Exchange Commission’s computer security system has weak controls that put financial information and other data at risk of being stolen, a congressional watchdog agency said Thursday.
The Government Accountability Office faulted the SEC for leaving computers logged on in public areas, not protecting passwords and not removing access for terminated employees for as long as eight months. The SEC needs to create a comprehensive program for testing and evaluating its information technology security, the GAO said.
“Sensitive data -- including payroll and financial transaction, personnel data, regulatory and other mission critical information -- are at increased risk of unauthorized disclosure,” the report said.
The GAO’s assessment comes as the SEC has required companies to certify that their internal financial controls are working. As of this week, more than 350 companies delayed filing their annual reports, many because of problems with their internal controls.
SEC spokeswoman Amy Best said the agency had made a number of changes to its computer security. The GAO’s review ended in August and doesn’t note many of the improvements, she said.
Inside the business of entertainment
The Wide Shot brings you news, analysis and insights on everything from streaming wars to production — and what it all means for the future.
You may occasionally receive promotional content from the Los Angeles Times.
