[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] GAO Report Highlights Common Database And Access Control Woes
By Ericka Chickowski
Nov 16, 2011
A new report out from the Government Accountability Office (GAO) ripped
into the IRS once again for insufficient access controls, database
maintenance, and monitoring necessary to keep taxpayer information safe.
The report's findings echo many of the issues seen in database and
application security across many large enterprises today, experts say.
Released last week, the GAO's financial audit (PDF) reported that during
the past fiscal year, the IRS still had glaring holes in internal
controls over information security, in spite of initiating efforts to
address concerns levied by the GAO in past years.
"IRS improved several system-level controls, including the encryption of
data transferred between some accounting systems, upgrades to critical
network devices on the agencyâs internal network, and strengthening of
the architecture of an important financial system to eliminate
identified areas of weakness," the report read. "However, despite these
efforts and enhanced management attention toward controls, a majority of
the known weaknesses in the agencyâs systems and internal network and
physical security controls remained unresolved in fiscal year 2011."
According to Don Gray, chief security strategist for Solutionary, an
Omaha-based managed security service provider, the IRS isn't special in
the fact that it hasn't been able to keep up with regulator demands.
Subscribe to InfoSec News - www.infosecnews.org