wiredmikey (1824622) writes "The Government Accountability Office (GAO) has blasted the Internal Revenue Service for failing to implement stronger security measures after a succession of dismal reports on the subject. In a report issued to the Secretary of the Treasury last week, the GAO said that the IRS had met just 15 percent of the 105 previously reported recommendations where information security is concerned.
Taking a blunt approach, the GAO said that the IRS “lacks reasonable assurance as to the accuracy of financial information or the adequate protection of sensitive taxpayer information.”
The report lists many areas of weakness, but says even more bad news may be coming, on just how weak the IRS's security could be.
For example, host-based intrusion detection systems deployed at the IRS to monitor financial applications were configured to spot attack patterns for network security incidents, but were not correctly configured to flag attacks on the specific financial applications themselves. That is just one example of many.
The GAO said that it plans to issue a separate report to the IRS on the information security control deficiencies identified during fiscal year 2011 and the status of actions to address previous recommendations. It also said it would issue a limited distribution report to the IRS that addresses details omitted from this most recent report due to the sensitivity of the information."
Link to Original Source