From: FierceGovernmentIT
By Dibya Sarkar
The Securities and Exchange Commission has improved its information security management in several key areas, but the agency is still falling short in awareness training and permissions for certain systems to operate, according to a recent internal watchdog audit.
The SEC inspector general said in its brief report (pdf) dated Feb. 5 that three production systems didn’t always have a current authorization to operate, or ATO, which is essentially a certification that the system is approved to process, store or transmit information. The audit also said the agency’s security awareness training didn’t include the required insider threat component.
Leave a Reply