5/28/2004
04:50 PM

GAO: FDIC Security Weaknesses Put Key Data At Risk

The General Accounting Office says in a report that the agency hasn't adequately limited the access granted to all authorized users or completely secured access to its network.

Security weaknesses identified by congressional investigators in the Federal Deposit Insurance Corp.'s IT systems place critical FDIC financial and sensitive examinations information at risk of unauthorized disclosure, disruption of operations, and loss of assets.

Specifically, the General Accounting Office said in a 25-page report made public Friday that the FDIC has neither adequately limited the access granted to all authorized users nor completely secured access to its network. The risk created by these access weaknesses is heightened because the FDIC hasn't completed a program to fully monitor access activity to identify and investigate unusual or suspicious access patterns that could indicate unauthorized access. As a result, GAO said, critical financial and sensitive personnel and bank examination information is at risk.

A key reason for the FDIC's continuing weaknesses in IS controls, according to GAO, is that it hasn't yet fully established a comprehensive security-management program to ensure that effective controls are instituted and maintained, and that IT receives significant management attention. The FDIC, which insures deposits at U.S. banks, only recently established a program to test and evaluate its computer-control environment. This program has yet to include adequate provisions to ensure that all key computer resources supporting the agency's financial environment are routinely reviewed and tested, weaknesses detected are analyzed for systemic solutions, corrective actions are independently tested, and newly identified weaknesses or emerging security threats are incorporated into the testing and evaluation process.

GAO's conclusion was based on an audit conducted last year. It wasn't the first time the investigative and audit arm of Congress audited the FDIC's computer security. After audits in 2001 and 2002, the FDIC addressed nearly all the computer security weaknesses GAO pointed out. Yet, security weaknesses continued.

To establish an effective information system controls environment, GAO recommends that the FDIC's CIO, the agency's top manager for computer security, correct a number of IS weaknesses, including strengthening the testing and evaluation element of its computer-security-management program.

In a written response, FDIC CFO Steven App agreed with GAO's recommendations, saying the agency plans to correct the IS control weaknesses and strengthen the testing and evaluation elements of its computer-management program by Dec. 31. Already, App said, significant progress has been made in addressing the identified flaws.
