BROWSE BY TOPIC
- Bad Brokers
- Compliance Concepts
- Investor Protection
- Investments - Unsuitable
- Investments - Strategies
- Wall Street News
- Investments - Private
- Rules & Regulations
- Bad Advisors
- Boiler Rooms
- Terminations/Cost Cutting
- General News
- Donald Trump & Co.
- Big Banks
- Regulatory Sanctions
Stories of Interest
- Sarah ten Siethoff is New Associate Director of SEC Investment Management Rulemaking Office
- Catherine Keating Appointed CEO of BNY Mellon Wealth Management
- Credit Suisse to Pay $47Mn to Resolve DOJ Asia Probe
- SEC Chair Clayton Goes 'Hat in Hand' Before Congress on 2019 Budget Request
- SEC's Opening Remarks to the Elder Justice Coordinating Council
- Massachusetts Jury Convicts CA Attorney of Securities Fraud
- Deutsche Bank Says 3 Senior Investment Bankers to Leave Firm
- World’s Biggest Hedge Fund Reportedly ‘Bearish On Financial Assets’
- SEC Fines Constant Contact, Popular Email Marketer, for Overstating Subscriber Numbers
- SocGen Agrees to Pay $1.3 Billion to End Libya, Libor Probes
- Cryptocurrency Exchange Bitfinex Briefly Halts Trading After Cyber Attack
- SEC Names Valerie Szczepanik Senior Advisor for Digital Assets and Innovation
- SEC Modernizes Delivery of Fund Reports, Seeks Public Feedback on Improving Fund Disclosure
- NYSE Says SEC Plan to Limit Exchange Rebates Would Hurt Investors
- Deutsche Bank faces another challenge with Fed stress test
- Former JPMorgan Broker Files racial discrimination suit against company
- $3.3Mn Winning Bid for Lunch with Warren Buffett
- Julie Erhardt is SEC's New Acting Chief Risk Officer
- Chyhe Becker is SEC's New Acting Chief Economist, Acting Director of Economic and Risk Analysis Division
- Getting a Handle on Virtual Currencies - FINRA
We seek to provide information, insights and direction that may enable the Financial Community to effectively and efficiently operate in a regulatory risk-free environment by curating content from all over the web.
Stay Informed with the latest fanancialish news.
NEWSLETTERS & ALERTS
SEC Computer Networks Cited for Deficiencies - Report
The SEC has some ways to go toward improving its computer networks – according to a report from the Government Accountability Office (GAO). While the SEC, as of September 2016, has resolved most (47) of the 58 recommendations served up in the GAO’s last report, it still needs to address the following:
- 11 prior recommendations that included consistently protecting its network boundaries from possible intrusions, identifying and authenticating users, authorizing access to resources, auditing and monitoring actions taken on its systems and network, or encrypting sensitive information while in transmission.
- 15 newly identified control deficiencies limited the effectiveness of SEC's controls for protecting the confidentiality, integrity, and availability of its information systems. For example:
► SEC did not consistently control logical access to its financial and general support systems;
► SEC used unsupported software to process financial data.
► SEC did not adequately segregate incompatible duties for one of its personnel.
► SEC did not fully implement key elements of its information security program – like, not maintaining up-to-date network diagrams and asset inventories in its system security plans for its general support system and its key financial system application to accurately and completely reflect the current operating environment.
The GAO notes that, until the SEC mitigates these deficiencies, its financial and support systems and the information they contain will continue to be at unnecessary risk of compromise. Among its recommendations:
- Recommendation: To effectively manage its information security program, the SEC Chairman should maintain up-to-date network diagrams and asset inventories in the system security plans for General Support System and a key financial system to accurately and completely reflect the current operating environment.
- Recommendation: To effectively manage its information security program, the SEC Chairman should perform continuous monitoring using automated configuration and vulnerability scanning on the operating systems, databases, and network devices.