GAO: FDIC Security Weaknesses Put Key Data At Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


GAO: FDIC Security Weaknesses Put Key Data At Risk

The General Accounting Office says in a report that the agency hasn't adequately limited the access granted to all authorized users or completely secured access to its network.

Security weaknesses identified by congressional investigators in the Federal Deposit Insurance Corp.'s IT systems place critical FDIC financial and sensitive examinations information at risk of unauthorized disclosure, disruption of operations, and loss of assets.

Specifically, the General Accounting Office said in a 25-page report made public Friday that the FDIC has neither adequately limited the access granted to all authorized users nor completely secured access to its network. The risk created by these access weaknesses is heightened because the FDIC hasn't completed a program to fully monitor access activity to identify and investigate unusual or suspicious access patterns that could indicate unauthorized access. As a result, GAO said, critical financial and sensitive personnel and bank examination information is at risk.

A key reason for the FDIC's continuing weaknesses in IS controls, according to GAO, is that it hasn't yet fully established a comprehensive security-management program to ensure that effective controls are instituted and maintained, and that IT receives significant management attention. The FDIC, which insures deposits at U.S. banks, only recently established a program to test and evaluate its computer-control environment. This program has yet to include adequate provisions to ensure that all key computer resources supporting the agency's financial environment are routinely reviewed and tested, weaknesses detected are analyzed for systemic solutions, corrective actions are independently tested, and newly identified weaknesses or emerging security threats are incorporated into the testing and evaluation process.

GAO's conclusion was based on an audit conducted last year. It wasn't the first time the investigative and audit arm of Congress audited the FDIC's computer security. After audits in 2001 and 2002, the FDIC addressed nearly all the computer security weaknesses GAO pointed out. Yet, security weaknesses continued.

To establish an effective information system controls environment, GAO recommends that the FDIC's CIO, the agency's top manager for computer security, correct a number of IS weaknesses, including strengthening the testing and evaluation element of its computer-security-management program.

In a written response, FDIC CFO Steven App agreed with GAO's recommendations, saying the agency plans to correct the IS control weaknesses and strengthen the testing and evaluation elements of its computer-management program by Dec. 31. Already, App said, significant progress has been made in addressing the identified flaws.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
Register for InformationWeek Newsletters
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll