SEC needs better controls to protect data -watchdog

WASHINGTON, April 3 Thu Apr 4, 2013 3:14am IST

Related Topics

WASHINGTON, April 3 (Reuters) - Sensitive non-public information could be compromised if the U.S. Securities and Exchange Commission fails to take additional steps to improve its internal controls, an agency watchdog has found.

In two separate audits completed late last month, the SEC's new inspector general, Carl Hoecker, found vulnerabilities in the SEC's information technology system.

The first audit, dated March 25, examined how well the SEC maintains controls to protect sensitive information that it shares with the U.S. Financial Stability Oversight Council, or FSOC, a body of regulators that guards against systemic risks.

The second audit, dated March 29, reviewed the SEC's compliance with the Federal Information Security Management Act, a federal law that lays down a framework for government agencies to protect themselves against threats and ensure data is secure.

Both audits were conducted as routine reviews to ensure compliance with federal rules and regulations, and were not investigating any wrongdoing.

The inspector general's audits come as Congress and the White House are restarting negotiations on legislation aimed at improving U.S. defenses against cyber attacks.

The White House wants critical companies to comply with minimum security standards and also wants to help protect private information turned over to the government.

Protection of private company data is particularly important for financial market regulators, who routinely use it to help police the marketplace.

Hoecker's March 25 audit found that the SEC needs to take more steps to safeguard critical information that companies such as hedge funds provide to the SEC on a confidential basis.

That information, which often includes proprietary data, is later reviewed by the FSOC.

The audit found that the SEC does not have controls to restrict or prevent employees and contractors who are accessing their e-mail remotely via the Internet from uploading or saving non-public information to a non-government computer.

"As a result, sensitive or nonpublic information could potentially be saved to a non-SEC computer," Hoecker wrote. "There is a risk that an unauthorized person could gain access to sensitive or nonpublic SEC information."

The SEC said the audit did not inquire whether any information was actually compromised.

The second audit found that generally the SEC needs to do more to continually monitor the security of its systems. It also found the SEC did not always properly disable network accounts for employees or contractors who have left the SEC.

"By not disabling these accounts, unauthorized employees/contractors can have access to the SEC's network," the report said, adding it was "putting the SEC at a higher risk for malicious acts."

SEC spokesman John Nester declined to comment beyond the agency's comments attached to the two audits.

The SEC concurred with the recommendations and said it would take steps to correct the problems.

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Public Health

REUTERS SHOWCASE

Cost Cutting

Cost Cutting

PM Narendra Modi boots officials out of the first class cabin  Full Article 

Airtel Profit Jumps

Airtel Profit Jumps

Bharti Q2 net profit more than doubles   Full Article 

Leisure Riding

Leisure Riding

Harley-Davidson woos affluent young Indians with bike culture  Full Article 

Maruti Earnings

Maruti Earnings

Maruti Suzuki net profit up 29 percent, beats estimates.  Full Article 

ICICI Results

ICICI Results

ICICI Bank Q2 profit up 15 percent, beats estimates.  Full Article 

Moody's on India

Moody's on India

Moody's welcomes India's policy steps, but wants to see more.  Full Article 

End Of QE

End Of QE

U.S. Fed ends bond buying, exhibits confidence in U.S. recovery.  Full Article 

Cook Comes Out

Cook Comes Out

Apple's Cook: "I'm proud to be gay"  Full Article 

Refining Margins

Refining Margins

BPCL aims to double refining margins with refinery expansion.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device  Full Coverage