GAO: FDIC Security Weaknesses Put Key Data At Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


GAO: FDIC Security Weaknesses Put Key Data At Risk

The General Accounting Office says in a report that the agency hasn't adequately limited the access granted to all authorized users or completely secured access to its network.

Security weaknesses identified by congressional investigators in the Federal Deposit Insurance Corp.'s IT systems place critical FDIC financial and sensitive examinations information at risk of unauthorized disclosure, disruption of operations, and loss of assets.

Specifically, the General Accounting Office said in a 25-page report made public Friday that the FDIC has neither adequately limited the access granted to all authorized users nor completely secured access to its network. The risk created by these access weaknesses is heightened because the FDIC hasn't completed a program to fully monitor access activity to identify and investigate unusual or suspicious access patterns that could indicate unauthorized access. As a result, GAO said, critical financial and sensitive personnel and bank examination information is at risk.

A key reason for the FDIC's continuing weaknesses in IS controls, according to GAO, is that it hasn't yet fully established a comprehensive security-management program to ensure that effective controls are instituted and maintained, and that IT receives significant management attention. The FDIC, which insures deposits at U.S. banks, only recently established a program to test and evaluate its computer-control environment. This program has yet to include adequate provisions to ensure that all key computer resources supporting the agency's financial environment are routinely reviewed and tested, weaknesses detected are analyzed for systemic solutions, corrective actions are independently tested, and newly identified weaknesses or emerging security threats are incorporated into the testing and evaluation process.

GAO's conclusion was based on an audit conducted last year. It wasn't the first time the investigative and audit arm of Congress audited the FDIC's computer security. After audits in 2001 and 2002, the FDIC addressed nearly all the computer security weaknesses GAO pointed out. Yet, security weaknesses continued.

To establish an effective information system controls environment, GAO recommends that the FDIC's CIO, the agency's top manager for computer security, correct a number of IS weaknesses, including strengthening the testing and evaluation element of its computer-security-management program.

In a written response, FDIC CFO Steven App agreed with GAO's recommendations, saying the agency plans to correct the IS control weaknesses and strengthen the testing and evaluation elements of its computer-management program by Dec. 31. Already, App said, significant progress has been made in addressing the identified flaws.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll