GAO Find Weaknesses in SEC Information Systems Security Program
- Controls were not consistently implemented for identifying and authenticating users.
- Weaknesses in authorization controls limited their effectiveness.
- Certain sensitive data were transmitted unencrypted.
- Certain systems were not configured to maintain audit trails of security-relevant events.
- Systems were not routinely and consistently patched.
- Establish configuration baselines and related guidance for securing systems and monitoring system configuration baseline implementation.
- Enhance the EDGAR security plan to document security requirements for the EDGAR/Fee Momentum subsystem.
- Develop and implement a comprehensive vulnerability management strategy that includes routine scanning of SEC's systems and evaluation of such scanning to provide for any needed corrective actions.
Voice of the Editor
What makes a company a great place to work? Experience, a ConnectEDU company, uses criteria that include benefits, career advancement opportunities, culture, and work/life balance to form its annual list of the Best Places to Work for Recent Grads. BDO USA and Ernst & Young both made the Top 25 list. Read what makes these firms stand out and find out what can be done at your firm to entice college grads.