« Appropriate Monitoring for Electronic Patient Records | Main | Top three PCI compliance mistakes of Requirement 10 »
IRS Should Audit Itself - or at least its cybersecurity logs
Slashdot is one of the places you can read about a recent report from the inspector general's office at the US Internal Revenue Service, the agency's IT staff hasn't been routinely checking its cybersecurity audit logs. Gasp! What?!? In short, the IRS is not in compliance with the Federal Information Security Management Act, called FISMA for short.
A quote from the report issued Monday and covered by PC World today states: "These weaknesses increase the likelihood that intruders from the Internet could gain access to sensitive taxpayer data residing on the IRS network without being detected."
We can't argue. The report says the IRS has effectively deployed intrusion detection systems (IDS) at its Internet gateways, but didn't have a process in place for vetting the logs. In addition, the IRS gave privileged users access to audit logs, leaving room for internal foul play. The report recommends the IRS institute a policy for saving audit logs and putting them through independent review by non-privileged administrators.
IRS CIO, Arthur Gonzalez, says the agency is working aggressively to protect its Internet gateways and to improve its overall security posture. Mind you, the report covered the period from February 2007 to March 2008, meaning that in the last 20 months or so, taxpayers have been vulnerable to identity theft.
FierceCIO.com writer, Judi Hasson, reported, "The action was like baking half a loaf when a full loaf was essential."
The IRS report was released the same day as Cisco's Annual Security Report, which found that Internet-based cyberattacks are becoming increasingly sophisticated and specialized as profit-driven criminals continue to hone their approach to stealing data from businesses, employees and consumers.
Highlights from the report as covered by Network World reveal:
- The overall number of disclosed vulnerabilities grew by 11.5 percent this year, compared to 2007.
- Vulnerabilities in virtualization nearly tripled from 35 to 103 year over year.
- A 90% growth in threats originating from legitimate domains is double what was seen in 2007.
In addition, the Cisco report predicts insider threats to grow in 2009 as the global economic downturn entices employees to steal corporate data. On the upside, the Cisco report also foresees companies continuing to adopt well-enforced data security policies to make compliance easier and to reduce incidents of data loss. You can download the free report and watch an overview of the report on YouTube for more information.
Posted December 20, 2008 in Log Management & Intelligence | Permalink
January 2010
| Sun | Mon | Tue | Wed | Thu | Fri | Sat |
|---|---|---|---|---|---|---|
| 1 | 2 | |||||
| 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| 10 | 11 | 12 | 13 | 14 | 15 | 16 |
| 17 | 18 | 19 | 20 | 21 | 22 | 23 |
| 24 | 25 | 26 | 27 | 28 | 29 | 30 |
| 31 |
Categories
Archives
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005