The U.S. Securities and Exchange Commission (SEC) failed to implement the same controls it monitors in public insurance corporations for Sarbanes-Oxley compliance, according to the IT Compliance Institute, an online information technology compliance site. The SEC isn't subject to SOX, HIPAA, or GLB, but it is accountable to the Federal Information Security Management Act. Under this law, the SEC has annually reported on its information security since 2002. The report, released by the Government Accountability Office, noted the following vulnerabilities: ineffective electronic access controls of user accounts and passwords, access rights and permissions; network vulnerability to improper access, through both network architecture and direct physical access to unlocked wiring closets; spotty policies and procedures for key control areas and general support systems; and an inability to assess security risks or identify anomalous or suspicious network activities for review.
