The Inspector General (IG) of the U.S. Securities and Exchange Commission (SEC) reported last week that the SEC has not sufficiently implemented information technology security upgrades in order to protect highly sensitive information from data breaches. The IG reported that SEC officials failed to deactivate idle user accounts, did not ensure that owners kept their systems performing consistently, and failed to monitor risks. The Office of Information Technology did not implement a risk committee or ensure that employees follow best practices….
via SEC’s IT Security Under Attack as It Attacks Others | McGuireWoods LLP
