NABET, NABET 2016 Conference

Font Size: 
Cybersecurity: Has the SEC Protected Its Own House?
Carolyn LaMacchia, Loren F. Selznick

Last modified: 2017-03-25

Abstract


The Securities and Exchange Commission (SEC), which had been conducting cybersecurity examinations of broker-dealers and other players in the securities markets, has been criticized for its own cybersecurity weaknesses. In Fiscal Year 2014 audit, the U.S. Government Accountability Office determined that the SEC suffered from multiple cybersecurity weaknesses. Its comprehensive security environment was vulnerable in two major areas: (1) maintenance and monitoring of configuration baseline standards; and (2) implementation of password setting and network service standards. The appropriate management of these two areas is critical in defending against breaches. This paper explores the current state of the SEC cybersecurity system and whether the weaknesses cited have been addressed.


Keywords


cyber security; Securities and Exchange Commission (SEC); technology audit