Despite some improvements, the IRS needs to do much more to secure its IT systems, congressional auditors say.
Taxpayer information housed on Internal Revenue Service computers remains at risk of being exposed because of information security control weaknesses, according to a Government Accountability Office report issued Friday.
"These weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification, or loss, possibly without detection, and place IRS operations at risk of disruption," wrote GAO information security issues director Gregory Wilshusen and chief technologist Keith A. Rhodes in a 33-page report to IRS Commissioner Mark Everson, who didn't challenge the findings.
GAO, the auditing arm of Congress, examined IRS's fiscal 2005 financial statements, assessing the agency's progress in correcting previously reported information security weaknesses at two sites and determining if controls over key financial and tax processing systems at those facilities effectively ensures the confidentiality, integrity, and availability of sensitive taxpayer data.
The GAO noted some progress, but the IRS has failed to fix 40 previously reported flaws discovered in its IT security. Plus, the GAO identified new information security control weaknesses.
For example, the IRS hasn't instituted effective electronic access controls related to network management, user accounts and passwords, user rights and file permissions, and logging and monitoring of security-related events, the Congressional auditors said. Also, the tax agency hasn't effectively implemented other information security controls to physically secure computer resources and to prevent exploitation of vulnerabilities and unauthorized changes to system software.
"Until [the] IRS fully implements a comprehensive agencywide information security program," the GAO report states, "its facilities and computing resources and the information that is processed, stored, and transmitted on its systems will remain vulnerable."
Everson assured the GAO that the IRS is pursuing an agencywide approach to address the root cause of the weaknesses, adding that many weaknesses have been corrected and additional controls have been implemented. He characterized the IRS efforts to fix security flaws as aggressive, noting that agency is developing security plans, security documentation, and security testing.
2014 Next-Gen WAN SurveyWhile 68% say demand for WAN bandwidth will increase, just 15% are in the process of bringing new services or more capacity online now. For 26%, cost is the problem. Enter vendors from Aryaka to Cisco to Pertino, all looking to use cloud to transform how IT delivers wide-area connectivity.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.