GAO: Sensitive Taxpayer Data At Risk - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

CIO Insights & Innovation
Security & Risk Strategy
Team Building & Staffing
IT Strategy
Digital Business
Project Management
Programming Languages
Dr. Dobb's
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Network Security
Careers & People
Threat Intelligence
IoT
Attacks & Breaches
Application Security
Cloud Security
Endpoint Security
Mobile Security
Perimeter Security
Risk Management
Operations Security
Analytics
Vulnerabilities & Threats
Security & Risk Strategy
Infrastructure as a Service
Platform as a Service
Software as a Service
Cloud Storage
Data Centers
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
AI/Machine Learning
Big Data Analytics
Hardware/Architectures
Software Platforms
IoT
Networking
Wireless Infrastructure
Data Centers
Cloud Infrastructure
Careers and Certifications
Network Security
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
Industries
Government
Healthcare
Wall Street & Technology
Bank Systems & Technology
Insurance & Technology
IT Life
Careers
Mobile
Mobile Applications
Mobile Devices
Mobile Business
Enterprise Mobility Management
Software
Enterprise Applications
Operating Systems
Productivity/Collaboration Apps
Infrastructure

GAO: Sensitive Taxpayer Data At Risk

Despite some improvements, the IRS needs to do much more to secure its IT systems, congressional auditors say.

Taxpayer information housed on Internal Revenue Service computers remains at risk of being exposed because of information security control weaknesses, according to a Government Accountability Office report issued Friday.

"These weaknesses increase the risk that sensitive financial and taxpayer data will be inadequately protected against disclosure, modification, or loss, possibly without detection, and place IRS operations at risk of disruption," wrote GAO information security issues director Gregory Wilshusen and chief technologist Keith A. Rhodes in a 33-page report to IRS Commissioner Mark Everson, who didn't challenge the findings.

GAO, the auditing arm of Congress, examined IRS's fiscal 2005 financial statements, assessing the agency's progress in correcting previously reported information security weaknesses at two sites and determining if controls over key financial and tax processing systems at those facilities effectively ensures the confidentiality, integrity, and availability of sensitive taxpayer data.

The GAO noted some progress, but the IRS has failed to fix 40 previously reported flaws discovered in its IT security. Plus, the GAO identified new information security control weaknesses.

For example, the IRS hasn't instituted effective electronic access controls related to network management, user accounts and passwords, user rights and file permissions, and logging and monitoring of security-related events, the Congressional auditors said. Also, the tax agency hasn't effectively implemented other information security controls to physically secure computer resources and to prevent exploitation of vulnerabilities and unauthorized changes to system software.

"Until [the] IRS fully implements a comprehensive agencywide information security program," the GAO report states, "its facilities and computing resources and the information that is processed, stored, and transmitted on its systems will remain vulnerable."

Everson assured the GAO that the IRS is pursuing an agencywide approach to address the root cause of the weaknesses, adding that many weaknesses have been corrected and additional controls have been implemented. He characterized the IRS efforts to fix security flaws as aggressive, noting that agency is developing security plans, security documentation, and security testing.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Webcasts
More Webcasts
White Papers
More White Papers
Reports
More Reports
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Editors' Choice
Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Download Now!
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Download This Issue!
Slideshows
Flash Poll