FDIC faulted for weak IT security

[InfoSec News <isn () c4i org>]

http://www.computerworld.com/securitytopics/security/story/0,10801,72741,00.html

By Patrick Thibodeau
JULY 15, 2002

WASHINGTON -- A federal agency created in the 1930s to help restore 
economic confidence during the Great Depression isn't winning the 
confidence of a congressional watchdog agency for its information 
security practices. 

The Federal Deposit Insurance Corp. was faulted by the U.S. General 
Accounting Office for access policies that give hundreds of end users 
privileges that allow them to modify financial software, as well as 
read, modify and copy financial data, the GAO said in a report 
(download PDF) [1] today. 

Many end users had access to "powerful" systems commands, including 26 
help desk employees and 14 database staffers who didn't need access to 
these commands, the GAO said. 

The FDIC has been previously faulted by the GAO for IT security. But 
the GAO acknowledged that the FDIC has taken steps to improve its 
operations, including the use of a guard service to provide security 
surveillance to its computer rooms and an assessment of data to 
determine the level of security needed to protect it. 

The FDIC, in a written response, said the GAO's findings will help it 
improve security. 

The FDIC insures deposits in excess of $3.2 trillion for about 10,000 
financial institutions. 

[1] http://www.gao.gov/new.items/d02689.pdf



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.