The U.S. Securities and Exchange Commission must bolster its information security to protect corporate financial data and other sensitive information stored in its IT systems, according to a report released late last month by the Government Accountability Office.

The report found that the SEC has corrected or mitigated only eight of 51 weaknesses cited by the GAO in a report last year, a response the oversight office of the U.S. Congress called inadequate. The report identified 15 new vulnerabilities in addition to those on last year’s list.

Corrective actions taken by the SEC over the past year include replacing a vulnerable, publicly accessible workstation, and developing and implementing change-control procedures for an undisclosed major application.

The report found that the financial regulatory agency has not yet effectively controlled remote access to its servers, established adequate controls over passwords, or managed access to its systems and data. In addition, the SEC has yet to securely configure network devices and servers or implement auditing and monitoring mechanisms to detect and track security incidents.

Weak controls

Most of the newly discovered weaknesses are related to electronic-access controls such as user accounts and passwords, access rights and permissions, and network devices and services, the GAO said.
For example, the GAO said the SEC has not adequately controlled user accounts and passwords to ensure that only authorized individuals can access its systems and data.

In addition, the GAO found that the SEC permits users to modify sensitive information or critical system files and directories without required permissions, increasing the risk that the SEC’s applications and sensitive financial data could be compromised.

The report determined that the vulnerabilities continue to leave sensitive SEC financial information without sufficient protection against disclosure, modification or loss.

Until the SEC fully develops, implements and documents key elements of an information security program to ensure that effective controls are in place and are maintained, its information systems will remain at risk and be vulnerable to disruption, the GAO said.

In a written response, the SEC said it agrees with the agency’s findings and is focusing on implementing its recommendations.