http://www.computerworld.com/securitytopics/security/story/0,10801,72741,00.html

By Patrick Thibodeau
JULY 15, 2002

WASHINGTON -- A federal agency created in the 1930s to help restore
economic confidence during the Great Depression isn't winning the
confidence of a congressional watchdog agency for its information
security practices.

The Federal Deposit Insurance Corp. was faulted by the U.S. General
Accounting Office for access policies that give hundreds of end users
privileges that allow them to modify financial software, as well as
read, modify and copy financial data, the GAO said in a report
(download PDF) [1] today.

Many end users had access to "powerful" systems commands, including 26
help desk employees and 14 database staffers who didn't need access to
these commands, the GAO said.

The FDIC has been previously faulted by the GAO for IT security. But
the GAO acknowledged that the FDIC has taken steps to improve its
operations, including the use of a guard service to provide security
surveillance to its computer rooms and an assessment of data to
determine the level of security needed to protect it.

The FDIC, in a written response, said the GAO's findings will help it
improve security.

The FDIC insures deposits in excess of $3.2 trillion for about 10,000
financial institutions.

[1] http://www.gao.gov/new.items/d02689.pdf

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]