Financial Market Organizations Have Taken Steps to Protect against Electronic Attacks, but Could Take Additional Actions

GAO-05-679R Published: Jun 29, 2005. Publicly Released: Jul 29, 2005.

Highlights

The September 11, 2001, terrorist attacks on the World Trade Center exposed the vulnerability of the financial markets to disruption by such events. As part of a series of reviews we have performed at the request of Members of Congress, we have examined and reported on the adequacy of the steps that financial market participants have taken to reduce their vulnerability to attacks and to be better able to recover from such events when they occur. In addition to taking steps to reduce the likelihood that physical attacks will damage their facilities, financial market organizations must also implement protections to reduce the potential for electronic attacks to disrupt their operations. Electronic attacks can come from individuals (such as hackers) or groups, such as terrorist organizations or foreign governments, attempting to gain unauthorized access to a specific organization's networks or systems, or from malicious computer programs or code, such as viruses or worms, that seek to damage data or deny access to legitimate users.

Given the importance of this topic, Congress asked us to review the measures taken by selected critical financial market organizations, including exchanges, clearing organizations, and payment system processors, to protect themselves from attacks, and we reported our results in September 2004. At the time we prepared that report, we were still completing our reviews of the seven selected organizations' information security protections. For this report, our objective was to assess the information security programs in place at these organizations. To maintain the confidentiality of the sensitive information we examined, this report refrains from naming the organizations we reviewed and presents the results of our work in a high-level, aggregated manner.

Topics

Computer crimes, Computer networks, Computer worms, Computer security, Computer security incidents, Computer security policies, Computer systems, Computer viruses, Counterterrorism, Crime prevention, Emergency preparedness, Financial institutions, Hackers, Homeland security, Information security, Information systems, Internal controls, Terrorism, Unauthorized access