The Internal Revenue Service let its guard down in a big way. It failed to save and review records adequately that could indicate if hackers were trying to break into the agency's systems. That finding was issued this week by the IRS inspector general. The IRS did a good job of tightening the security of its computer network, but it failed to comply with its own guidelines for saving and reviewing the audit logs that show what traffic the agency's routers and firewalls had blocked.
"Audit logging is critical...to detect potential security events such as hacking attempts and other malicious threats," the IG reported. The audit showed that "audit logs were not adequately saved and reviewed."
The action was like baking half a loaf when a full loaf was essential; in terms of making sure the IRS systems were airtight, the agency failed. It's not too comforting to know that the government may not be protecting your personal and company records.
For more on IRS stumbling:
- check out this Nextgov.com article [1]
Related Articles:
Hackers news from FierceCIO [2]
Security risks increase as companies cut budgets [3]
Auditing news from FierceCIO [4]
Links:
[1] http://www.nextgov.com/nextgov/ng_20081215_3758.php
[2] http://www.fiercecio.com/tags/hackers-0
[3] http://www.fiercecio.com/story/security-risks-increase-companies-cut-budgets/2008-12-13
[4] http://www.fiercecio.com/tags/auditing