Infrastructure // Unified Communications
01:09 PM
Connect Directly
Repost This

GAO: Sensitive Taxpayer Data At Risk

Despite some improvements, the IRS needs to do much more to secure its IT systems, congressional auditors say.

Taxpayer information housed on Internal Revenue Service computers remains at risk of being exposed because of information security control weaknesses, according to a Government Accountability Office report issued Friday.

"These weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification, or loss, possibly without detection, and place IRS operations at risk of disruption," wrote GAO information security issues director Gregory Wilshusen and chief technologist Keith A. Rhodes in a 33-page report to IRS Commissioner Mark Everson, who didn't challenge the findings.

GAO, the auditing arm of Congress, examined IRS's fiscal 2005 financial statements, assessing the agency's progress in correcting previously reported information security weaknesses at two sites and determining if controls over key financial and tax processing systems at those facilities effectively ensures the confidentiality, integrity, and availability of sensitive taxpayer data.

The GAO noted some progress, but the IRS has failed to fix 40 previously reported flaws discovered in its IT security. Plus, the GAO identified new information security control weaknesses.

For example, the IRS hasn't instituted effective electronic access controls related to network management, user accounts and passwords, user rights and file permissions, and logging and monitoring of security-related events, the Congressional auditors said. Also, the tax agency hasn't effectively implemented other information security controls to physically secure computer resources and to prevent exploitation of vulnerabilities and unauthorized changes to system software.

"Until [the] IRS fully implements a comprehensive agencywide information security program," the GAO report states, "its facilities and computing resources and the information that is processed, stored, and transmitted on its systems will remain vulnerable."

Everson assured the GAO that the IRS is pursuing an agencywide approach to address the root cause of the weaknesses, adding that many weaknesses have been corrected and additional controls have been implemented. He characterized the IRS efforts to fix security flaws as aggressive, noting that agency is developing security plans, security documentation, and security testing.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.