[ISN] IRS nearly resolves one security threat, receives incomplete on others

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://www.nextgov.com/nextgov/ng_20090915_8372.php

By Jill R. Aitoro
NextGov.com
09/15/2009

The Internal Revenue Service showed mixed results in its effort to 
reduce security risks associated with laptops and a system that 
processes individual income tax returns, according to the Treasury 
inspector general for tax administration.

The inspector general released two audits this week that evaluated the 
agency's progress in correcting security issues identified in previous 
reports.

In one report released on Tuesday, the auditor found that the IRS 
installed an encryption program on 99 percent of its laptops to protect 
data stored on the computer's hard drive from unauthorized users.

"Only after a successful log on to the encryption software will the 
computer start the log-on process to access other system files," the 
inspector general reported. "Consequently, any sensitive data on the 
computer remains encrypted until a user has successfully logged on and 
deactivated the encryption."

The IRS installed the program in response to a March 2007 audit that 
reported sensitive data on laptops and other electronic media was not 
properly protected.

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org