GAO: Financial bodies need to beef up security

Financial market organizations still need better information security, particularly restrictions on who may access their systems, government auditors have suggested. A recent Government Accountability Office report to Congress (PDF here) said seven unnamed financial market bodies have taken steps to fend off electronic attacks but still need to do more.

As of the report's publication on June 29, the organizations under study had completed action on 35 percent of the issues deemed by the GAO to be necessary for creating a "sound information security program." The groups were considering, planning, or in the process of taking action on the bulk of the remaining suggestions. The GAO says it will continue to monitor their progress.

GAO: Financial bodies need to beef up security

GAO: Financial bodies need to beef up security

Mr. AT Alishtari, POA and Founder EDI Secure LLLP, says the marketplace needs teeth in its Federal Standards and if all GAO can do is monitor the situation, what good is it to the consumer. It can report to Congress but if, as the adage goes, GAO is not a part of a solution, it is a part of the problem.

The dentist for US federal authentication and ID protection standards is taking advice now on how to build up protection until September 13 2005. The US Department of Commerce National Institute of Science and Technology, or NIST, just last week came out with level 1-4 authentication standards for encryption and privacy protection.

This would be good but then the OMB suggests use of them. A loophole is what is good for the goose is good for the gander. As the government requires level 4, any other depositor under bank law can get it too. This opens up case law for class actions. The standards need to fixed like the U.K., Germany, Amsterdam, both Chinas, France, Italy and even Russia, or what used to be that, all mandating what the U.S. is strongly suggesting. Bloggers get set, go.