SEC Gets Taste of Its Own Medicine
The SECís controls over its computers and databases have been a little loosey-goosey.
Thatís the upshot of a recent U.S. Government Accountability Office report, which found that the SEC had not effectively implemented controls to protect financial and other sensitive data stored on its computers. For example, the GAO found that the SEC had weak controls over computer passwords, access to databases, and even physical access to wiring closets.
Rest assured: the SEC is aware of the problem and is turning things around.
But check out the following bit of advice the GAO helpfully offered the SEC:
An effectively-implemented program of internal controls, said the GAO, "provides for an ongoing cycle of periodically assessing risks, establishing appropriate policies and procedures, . . . and establishing an ongoing program of tests and evaluations of the effectiveness of policies and controls to ensure that they remain appropriate and accomplish their intended purpose."
Hey ó isnít there an SEC rule or something along those lines?