Shielding your network is critical, but the details can slip through the cracks of even the biggest organizations, like the Securities Exchange Commission (SEC).

Exactly like the SEC.

In fact, the SEC actually did fail to deploy proper security controls to protect computer networks from unauthorized access, leaving sensitive financial information at risk, according to a report the Government Accountability Office released on Tuesday.

As part of a fiscal 2008 audit of financial statements, GAO evaluated the effectiveness of SEC’s information security controls for key financial systems, data, and networks. The agency concluded in the report that weaknesses in information security cause “a significant deficiency” in protecting information systems and data used for financial reporting.

SEC corrected or mitigated 18 deficiencies in its security controls that GAO identified in an audit, which the auditor released in February 2008.

On the upside: The SEC improved identity management processes and the security of the perimeter of its operations center, more consistently monitored unusual and suspicious network activities, and removed network system accounts and data center access rights for employees who left the agency.

So they’ve got that going for them.

Tags: networks, SEC, security controls