E-CommerceALERT.com is part of the Bennett Gold LLP web site network.
LINK TO: Bennett Gold LLP, Chartered Professional Accountants, home page.
LINK TO: E-CommerceALERT.com Home Page.
CLICK to GO BACK to Main Page.

Research and retrieval of news articles by:
Bennett Gold LLP, Chartered Professional Accountants


SPECIAL NOTE TO ALL VISITORS:
Effective December 31 2012, articles are no longer being updated on this web site.
The site is now maintained as an historical archive, covering notable e-commerce news articles from the period 1999 to 2012.


IRS COMPUTER SECURITY CENTER NEEDS IMPROVEMENT

Source: Accounting Today

Posted on April 12, 2012

The office at the Internal Revenue Service that is responsible for monitoring the IRS network for cyberattacks and computer vulnerabilities is generally doing a good job, but still has room for improvement, according to a new government report.

The report, by the Treasury Inspector General for Tax Administration, evaluated the effectiveness of the Computer Security Incident Response Center at preventing, detecting, reporting and responding to computer security incidents targeting IRS computers and data.

"TIGTA found that the CSIRC is effectively performing most of its responsibilities for preventing, detecting, and responding to computer security incidents," said TIGTA Inspector General J. Russell George in a statement. "However, further improvements could be made."

TIGTA recommended that the assistant chief information officer of cybersecurity at the IRS direct the CSIRC to develop its Cybersecurity Data Warehouse capability to correlate and reconcile active servers connected to the IRS network with servers monitored by the host-based intrusion detection system. The report also recommended that the IRS revise and expand its memorandum of understanding with the TIGTA Office of Investigations to ensure that all reportable and relevant security incidents are shared with the CSIRC.

George noted that the CSIRC's host-based intrusion detection system is not monitoring 34 percent of IRS servers, which puts the IRS network and data at risk. In addition, the CSIRC is not reporting all computer security incidents to the Department of the Treasury, as required. Finally, incident response policies, plans, and procedures are either nonexistent or are inaccurate and incomplete.

In addition, the cybersecurity chief should collaborate with the TIGTA Office of Investigations to create common identifiers to help the CSIRC reconcile its incident tracking system with the TIGTA Office of Investigations' incident system, the report recommended. The IRS also needs to develop a standalone incident response policy or update the policy in the IRS's Internal Revenue Manual with current and complete information. The report noted that the cybersecurity chief also needs to develop an incident response plan; and develop, update, and formalize all the critical standard operating procedures.

The IRS agreed with the recommendations and corrective actions are planned or in process for five of the six recommendations. While he IRS agreed with the recommendation to correlate and reconcile active servers connected to the IRS network with servers monitored by the host-based intrusion detection system, its proposed corrective actions did not address TIGTA's recommendation. Specifically, the IRS did not commit to implementing the controls TIGTA recommended.




CLICK to GO BACK to Main Page.

E-Commerce Alerts are issued by Bennett Gold LLP, Chartered Professional Accountants as situations develop. Bookmark this site and check back often. Our e-mail address is: info@BennettGold.ca

In accordance with United States Code, Title 17, Section 107 and Article 10 of The Berne Convention on Literary and Artistic Works, the news clippings on this web site are made available without profit for research and educational purposes.


ALERT
ARCHIVES
Final Entries
2012
2011
2010
2009
2008
2007
2006
2005
2004
2003
2002
2001
2000
1999


LINK TO: Bennett Gold, Chartered Professional Accountants: A Licensed Provider of WebTrust Services.

WebTrust Is Your
Best Defense
Against
Privacy Breaches.

Get WebTrust
Working For
Your Site.