Reasonable Doubter
About this Blog: CIO.com’s Reasonable Doubter Constantine von Hoffman keeps a close eye on technology, government, public policy, privacy and security to help readers see the forest for the trees—and the facts through the BS.
IRS Cybersecurity Loopholes Lead to ID Theft
For the sixth year in a row the agency failed to resolve known cybersecurity issues: installing critical software fixes, letting unauthorized people access accounting programs, not performing background checks on new hires and failing to make sure contractors had received proper security training.
If you thought you couldn’t like the Internal Revenue Service (IRS) any less, think again. For the past six years straight the IRS failed to install critical software fixes, let unauthorized people access accounting programs and didn’t make sure contractors had received proper security training.
According to a report from the Government Accountability Office (GAO), last year the IRS corrected just 29 of 105 previously reported weaknesses, or less than one third of the issues. And 13 of those 29 fixes had been done improperly or incompletely, the GAO reports.
Specific failures include:
- Lack of controls for identifying and authenticating users, including requirements for strong passwords
- Access to certain servers not appropriately restricted
- Sensitive data transmitted without encryption
- Lax physical access controls
So it's no surprise that last October the Treasury Inspector General for Tax Administration (TIGTA) said the top priority in its list of management challenges for the IRS this year was security of taxpayer data, including securing computer systems. That’s not to say no action was taken to address the problem; the action just wasn't very thorough or effective. In addition to a partially-implemented IT security program, the IRS is also at risk due to known vulnerabilities from outdated and unsupported software, and shortcomings in system backups are placing data availability at risk, according to the GAO.
By the way, TIGTA put out a report Monday that said it was unable to confirm that 77 percent of the agency’s new hires had been subjected to required background checks. Yikes.
The IRS is currently five years overdue for complaince with a federal cybersecurity law that says agencies must have department-wide programs that, among other things, train personnel to comply with security policies and test technical protections. I wonder if there’s any sort of late fee or other penalty on that...
Don’t worry too much, though. In response to the report, the IRS agreed to develop a detailed corrective action plan to address the problems.
Previous Post: Details on Latest Windows Flaw (And More Security News of the Week)Next Post: DoD Networks Completely Compromised, Experts Say
Most Discussed Posts
In this paper we discuss some of the key challenges of requirements management and how organizations are addressing these challenges to increase their likelihood of success.
In this eGuide, CIO along with Network World, InfoWorld and CSO, cover the pertinent information security topics of today. Read on to learn how to deal with threats, build effective security strategies and prepare for increased scrutiny.
The state of the high tech services industry is in flux as never before. With changing patterns of software/solution consumption and pressure on traditional service delivery models increasing, many leaders "get it" and want to move services forward.
A SIP-based Unified Communications infrastructure can improve productivity by 23%. Learn where SIP comes from, how it works and why the time has come to move to SIP.
CDW's reference guides provide a high-level, informative take on today's most pressing IT solution areas and related issues.
This guide provide up-to-date summaries, strategic guidance and best practice tips on the technologies driving IT operations forward.
For organizations looking to start a content analytics program or improve their existing capabilities, Aberdeen Group and IBM will lay out several recommendations on how to become a best-in-class customer service organization.
Register now to listen to this video whitepaper and to learn more about the components of content analytics applications, emerging best practices, and the issues to consider before deploying content analytics technologies.
Technology is now intertwined with nearly every aspect of business. Information technology is not only pervasive; it is fast becoming a primary driver of market differentiation, business growth, and profitability.
This session will discuss how Ashurst, a top-tier legal service provider for private and public sector clients worldwide, was able to effectively manage organizational change and improve their profitability using IBM Business Analytics.
To help you make the most of Mobility, IDG and SAP have created a three-part Mobile Playbook series packed with data, insights, best practices, resources, and a checklist for developing a winning mobile strategy.
Learn how the State of Michigan is utilizing DeepSight security intelligence to protect critical infrastructure.
Sponsored Links
