Peter J. Henning for the New York Times reported the Government Accountability Office had found IS deficiencies at the SEC that “limited the\u00a0effectiveness of the S.E.C\u2019s controls for protecting confidentiality, integrity and availability.\u201d\u00a0 They also found poor encryption practices on certain data.<\/p>\n
The hack was on a SEC system used by companies who are about to go public.\u00a0 The system is used as a practice system, where they enter in company information, just as they would when they become a publicly traded company.<\/p>\n
The hack could have exposed insider information on companies who used the system to practice, and entered in real data vs. test data.\u00a0 Meaning, actual results, financial statements, and other data reported to the SEC by publicly traded companies.<\/p>\n
This could have led to insider trading, by giving the hackers knowledge of non-public information and making trades based on that information.<\/p>\n
The questionable thing is that the hack occurred last year…\u00a0 NIST and FISMA require reporting of a breach within 120 days of knowing.\u00a0 Now, these documents also include guidance to determine if a breach notification is required based on the likelihood of harm and could be argued why the SEC didn’t report last year, but…\u00a0 This type of incident handling now gives companies like Equifax a road map on how “Not” to report a security breach.<\/p>\n
http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-61r2.pdf<\/p>\n
https:\/\/www.nytimes.com\/2017\/09\/26\/business\/dealbook\/sec-hack.html?mcubz=1<\/p>\n","protected":false},"excerpt":{"rendered":"
Peter J. Henning for the New York Times reported the Government Accountability Office had found IS deficiencies at the SEC that “limited the\u00a0effectiveness of the S.E.C\u2019s controls for protecting confidentiality, integrity and availability.\u201d\u00a0 They also found poor encryption practices on certain data. The hack was on a SEC system used by companies who are about […]<\/p>\n","protected":false},"author":14419,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[715345],"tags":[],"class_list":{"0":"post-4651","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-04-enterprise-architecture","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4651","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/users\/14419"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/comments?post=4651"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4651\/revisions"}],"predecessor-version":[{"id":4652,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4651\/revisions\/4652"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/media?parent=4651"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/categories?post=4651"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/tags?post=4651"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}