Federal Oversight of Computer Security Needs to Be Strengthened
T-IMTEC-90-2: Published: Feb 21, 1990. Publicly Released: Feb 21, 1990.
GAO discussed its examination of computer security and federal oversight over certain critical financial and banking computer systems. GAO noted that: (1) there were no instances of hacker or virus attacks on the systems; (2) all of the systems had internal control weaknesses that would allow undetected security intrusions; (3) two systems had security weaknesses that increased the operational security risks; (4) none of the systems had an information security program; and (5) the Securities and Exchange Commission needed to take a more proactive role in ensuring the integrity of the systems. GAO also noted that: (1) control and management weaknesses increased security risks to the banking systems; (2) there were no reported instances of fraudulent fund transfers; and (3) there are uncertainties about regulatory authority over the banking systems.