Although the Internal Revenue Service is making progress towards improving the integrity of its data systems, a recent report by the General Accounting Office (GAO) has revealed that the agency still has much to do before its computer systems can be considered totally secure.
According to the report, the IRS "has made important progress toward improving information security controls and implementing an agencywide information security program. It has implemented various safeguards designed to help protect its systems from external attack and has established information security policies, standards, and guidelines that, if effectively implemented, would protect its information systems from many threats."
However, the GAO warned that "computer control weaknesses continued to threaten the confidentiality, integrity, and availability of sensitive systems and taxpayer data." The IRS’s inconsistent implementation of logical access controls at its facilities did not effectively prevent, limit, or detect access to computing resources, the report continued.
The GAO study also pointed out that lapses in the areas of physical security, segregation of duties, software change controls, and service continuity "reduced IRS’s effectiveness in protecting and controlling physical access to assets, minimizing the risk of errors or fraud, mitigating the risk of unauthorized or inappropriate software programs, and ensuring the continuity of data processing operations when unexpected interruptions occur."
In addition, the accounting office found examples of staff with inadequate authorization gaining access to sensative data. All of these factors combined to increase the vulnerability of data processed by the IRS and increased the chances of system disruption, the GAO concluded.
The report noted however, that some effort had been made by the revenue authority recently on improving its security: "IRS has increased the resources devoted to securing its systems and data—increasing, for example, the number of specialists assigned to Security Services (formerly the Office of Systems Standards and Evaluation) from about 60 in 1998 to 97 in 2003. It has also implemented and improved control measures that limit physical access to facilities and computing resources, and has established a virus protection and eradication program, including regular updates from its software suppliers. Further, IRS now has a 24-hour-a-day, 7-day-a-week Computer Security Incident Response Capability team, which provides safeguards against various cyber threats."
Nevertheless, the GAO observed, although the IRS has made important progress, it has not consistently implemented effective computer controls. It added that computer-related weaknesses continued to pervade the IRS facilities reviewed between 1999 and 2002.
.
Network Tweets
Network BlogsContent
provided by
|
Archive | Resources | Partners | Site Map | Links | Newsletter Archive | Contact | RSS Feeds | About | Syndication | Advertising & Marketing | Recruitment | Terms & Conditions | Privacy & Cookies
Copyright © 2012 - All Rights Reserved - Tax-News.com
IMPORTANT NOTICE: Tax-News.com has taken reasonable care in sourcing and presenting the information contained on this site, but accepts no responsibility for any financial or other loss or damage that may result from its use. In particular, users of the site are advised to take appropriate professional advice before committing themselves to involvement in offshore jurisdictions, offshore trusts or offshore investments.
Write a comment