The Government Accountability Office provided the Federal Deposit Insurance Corporation with two recommendations to beef up its network security in a recently released report.
Recommendations:
- To enhance FDIC’s information security program, the Acting Chairman should direct the Director of the Division of Resolutions and Receiverships and the Chief Information Officer to develop, document, and implement appropriate information security activities in the loss-share loss estimation process, such as assessing and mitigating risks, managing and controlling the configurations of programs and databases, evaluating the effectiveness of security controls, and ensuring that data and programs can be recovered after a disruption.
- To enhance FDIC’s information security program, the Acting Chairman should direct the Chief Information Officer to work with the external Web service provider to obtain a more timely delivery of the provider’s Statement on Standards for Attestation Engagements (SSAE) 16 report (previously known as a SAS 70 report), or to obtain other means of assurance of internal controls.
Full report:
Advertisement
