http://www.nextgov.com/nextgov/ng_20120319_2120.php

By Aliya Sternstein
Nextgov
03/19/2012

During the past year, the Internal Revenue Service did not install critical fixes for software vulnerabilities, allowed unauthorized access to accounting programs and failed to ensure contractors received security training, according to the auditors' auditors.

Around tax time in 2007, 2008, 2009, 2010, 2011 and now this year, the Government Accountability Office has identified similar, recurring weaknesses that could expose sensitive taxpayer information and agency financial data, according to archived GAO reports.

"IRS had never installed numerous patch releases for the Unix operating system" that had been in operation since March 2009, stated the most recent report, released Friday. By not patching security holes on a timely basis, the "IRS increases the risk that known vulnerabilities in its systems may be exploited."

The key reason IRS computers are susceptible to tampering is the tax agency has yet to institute a mandatory information security program, GAO officials have said for five years. Under federal cybersecurity law, agencies must deploy a departmentwide initiative that, among other things, trains personnel to comply with security policies and tests technical protections.

[...]

Received on Tue Mar 20 2012 - 01:07:47 PDT