GAO: IRS Slow to Fix Numerous IT Security Gaps

Region: Corporate

Government

You are not logged in Login

The Information Resource for the Emergency Management Industry!

HOME

PAPERS

INDUSTRY NEWS

	Browse Emergency Products & Suppliers By Category

	Browse Emergency Whitepapers By Sector

	Browse Emergency Management Events By Category

Press Release

Click Here to view Press Releases

GAO: IRS Slow to Fix Numerous IT Security Gaps

April 04, 2007


		View Participation Packages

The Internal Revenue Service has not corrected numerous information security weaknesses that impair its ability to ensure the confidentiality, integrity and availability of financial and sensitive information, the Government A. These problems constitute a major weakness in the IRS’ internal controls over its financial and tax processing systems, the Government Accountability Office said.

The tax agency experiences gaps in access controls related to user identification and authentication, authorization, encryption, monitoring, and physical security. Data is at risk from weaknesses in configuration management, segregation of duties, media destruction and disposal, and personnel security controls.

The IRS has not resolved these vulnerabilities because it has not yet fully implemented the critical elements of a comprehensive information security program, including risk assessments, enhanced policies and procedures, security plans, training, adequate testing and evaluation, and continuity of operations for all major systems.

“As a result, weaknesses in information security controls over its key financial and tax processing systems could impair IRS’ ability to perform vital functions and could increase the risk of unauthorized disclosure, modification or destruction of financial and sensitive taxpayer information,” said Gregory Wilshusen, director, GAO Information Security Issues, and Keith Rhodes, GAO’s chief technologist, in their recent report..

The IRS has corrected 25 of the 73 IT security weaknesses from last year, such as implementing controls to authorize access to Windows systems, network devices, databases and mainframe systems. The agency has improved password controls on its servers and enhanced audit and monitoring efforts for mainframe and Windows user activity. Still, 48 of the 73 weaknesses are not fixed, GAO said.

Among GAO’s 10 recommendations, IRS needs to update risk assessments for systems and policies and procedures on configuring mainframe IDs used by the operating system and certain mainframe programs, develop a system security plan for the system that supports the general ledger for tax administration and enhance the Enterprise learning management System to include all security training courses that IRS employees and contractors take.

Source

	Other News
	IBM and Red Hat Achieve Highest Security Certification for Linux on IBM Servers
	FBI Working to Bottle up 'Botnet'Hackers
	Microsoft Patches 17 Flaws in Client Products
	Websense Unveils Industry’s First Information Leak Prevention Software with Web Intelligence
	SSH Announces First End-to-End Security Solution for Securing Data across Multi-Platform U.S. Government Computing Systems Using Common Access Cards
More news

Featured Whitepaper
High-Volume Inbound Call Handling Capacity – Critical for Co...
	During a crisis, an agency’s inbound telecommunication system can be overwhelmed ve... Read more
Twenty First Century Communications
More white papers

DELEGATES

12964

[ Conference Sectors Case Studies List of Papers Exhibition Sectors Vendor Presentation List of Exhibitors Industry News Sponsors All Exhibitors All Papers Sitemap Registration Links ]

:: IDS Plastics :: IDS Water ::IDS Packaging::IDS Publishing/Media ::IDS Healthcare Management ::IDS Environment::IDS Power/Energy::

Industry IDS, Inc. – Online Tradeshow, Exhibition, & Buyers Guide Solutions