Information about http://www.sec.gov/about/oig/audit/2008/445finmemo.pdf

MEMORANDUM …

Pages: 2
Language: english
Created: Sat Aug 2 15:16:29 2008
Display cached document
Page 1
image
Page 2
image
                                     MEMORANDUM

                                          March 21, 2008

TO:              Corey Booth
                 Chief Information Officer

FROM:            H. David Kotz
                 Inspector General

SUBJECT:         SafeSearch Filter on Internet Search Engines (No. 445)

The Office of Inspector General (OIG) continues to receive monthly referrals from the
Office of Information Technology (OIT) of employees who have used their SEC-
assigned computers to access Internet pornography in violation of Commission rules and
policies and notwithstanding the agency's Internet filter. We have conducted
investigations and inquiries into many of these referrals. 1

Several of the investigations and inquiries conducted by the OIG have revealed that SEC
employees were able to access pornographic images by searching for images using
Internet search engines such as Google and Yahoo and turning off the SafeSearch Filter
feature. We understand from conversations with the OIT Security Group that technology
is currently available that would enable OIT to prevent employees from turning off the
SafeSearch Filter feature when searching for images on the Internet. In addition, as the
OIT Security Group has acknowledged, new technology changes and tools may be
developed to circumvent IT security policies that will require additional measures in the
future.

We are recommending that the technology that will prevent employees from turning off
the SafeSearch Filter be implemented expeditiously on a Commission-wide basis to
further limit employees' ability to access pornographic images from their Commission
computers. We are also recommending that the OIT Security Group continue to monitor
new developments in technology in order to restrict employees' ability to circumvent the
filters.

        Recommendation A

        The Office of Information Technology (OIT) should, on a Commission-
        wide basis, implement the necessary technology to prevent employees
        from turning off the SafeSearch Filter feature when searching for images
        on the Internet, and should continue to monitor new technological
        developments.



1
  The OIG issued a memorandum (No. 443) on November 15, 2007, making several recommendations
designed to address the continued problem of SEC employees accessing Internet pornography from their
Commission computers). These recommendations are still pending.
cc:   Peter Uhlmann, Chief of Staff
      Diego Ruiz, Executive Director
      Brian Cartwright, General Counsel
      Richard Humes, Associate General Counsel for Litigation and Administrative
      Practice
      William Lenox, Ethics Counsel
      Joseph Gerrity, Chief Information Security Officer
      Dan Lisewski, Branch Chief for Information Resources Management
      Jeffrey Risinger, Associate Executive Director for Human Resources
      Darlene Pryor, Management Analyst, Office of Executive Director




                                         2