http://www.bankinfosecurity.com/gao-identifies-weakness-in-fdic-infosec-a-7085
By Eric Chabrow
Bank Info Security
July 22, 2014
Two separate audits by the Government Accountability Office show
information security weaknesses at the Federal Deposit Insurance Corp. and
significant deficiencies in information system controls at the Treasury
Department unit that manages the federal debt.
The FDIC, the government-owned corporation that insures bank deposits,
failed to fully implement controls to authenticate its system users'
identities, restrict access to sensitive systems and data, encrypt
sensitive data, complete background re-investigations for employees and
audit and monitor system access, according to the report issued late last
week.
GAO says the shortcomings do not constitute a material weakness or
significant deficiency for financial reporting purposes. "Nevertheless,"
auditors say, "unless FDIC takes further steps to mitigate these
weaknesses, the corporation's sensitive financial information and
resources will remain exposed to unnecessary risk of inadvertent or
deliberate misuse, improper modification, unauthorized disclosure or
destruction."
The report says an underlying reason for many of these weaknesses is that
FDIC failed to fully or consistently implement aspects of its information
security program. Specifically, the GAO says, FDIC did not fully document
and implement information security controls, ensure that employees and
contractors received security awareness training, conduct continuing
assessments of security controls for all systems and remediate agency
identified weaknesses in a timely manner.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
