[ISN] GAO: Uncorrected Flaws In IRS Security Systems Leave Taxpayer Data At Risk

From: InfoSec News <alerts_at_private>
Date: Wed, 24 Mar 2010 00:47:31 -0600 (CST)

By Tim Wilson
March 22, 2010 

With tax time rapidly approaching, the U.S. Internal Revenue Service 
still has not sealed up all of the holes that could allow insiders or 
external hackers to access taxpayer data, according to a new report.

In a study (PDF) issued last week, the Government Accountability Office 
states that the IRS has corrected less than one-third of the 89 security 
weaknesses identified in its audit of the tax agency last year.

"While IRS has corrected 28 control weaknesses and program deficiencies, 
61 of them -- or about 69 percent -- remain unresolved or unmitigated," 
the report states. "For example, IRS continued to install patches in an 
untimely manner and used passwords that were not complex. In addition, 
IRS did not always verify that remedial actions were implemented, or 
effectively mitigate the security weaknesses."

Weaknesses in IRS systems "continue to jeopardize the confidentiality, 
integrity, and availability of financial and sensitive taxpayer 
information," the GAO says. "IRS did not consistently implement controls 
that were intended to prevent, limit, and detect unauthorized access to 
its systems and information.


Register now for HITBSecConf2010 - Dubai, the premier 
deep-knowledge network security event in the GCC, 
featuring keynote speakers John Viega and Matt Watchinski! 
Received on Tue Mar 23 2010 - 23:47:31 PDT

This archive was generated by hypermail 2.2.0 : Tue Mar 23 2010 - 23:54:58 PDT