In carrying out its mission to ensure that securities markets are fair, orderly, and efficiently maintained, the SEC relies extensively on computerized systems. Effective information security controls are essential to ensure that SEC's financial and sensitive information is protected from inadvertent or deliberate misuse, disclosure, or destruction. This report assessed: (1) the status of SEC's actions to correct previously reported information security weaknesses; and (2) the effectiveness of SEC's controls for ensuring the confidentiality, integrity, and availability of its information systems and information. The auditor examined security policies and artifacts, interviewed pertinent officials, and conducted tests and observations of controls in operation. Illus.