GAO Report Highlights Common Database And Access Control Woes

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/database-security/167901020/security/news/231903190/gao-report-highlights-common-database-and-access-control-woes.html

By Ericka Chickowski
Contributing Editor
Dark Reading
Nov 16, 2011

A new report out from the Government Accountability Office (GAO) ripped 
into the IRS once again for insufficient access controls, database 
maintenance, and monitoring necessary to keep taxpayer information safe. 
The report's findings echo many of the issues seen in database and 
application security across many large enterprises today, experts say.

Released last week, the GAO's financial audit (PDF) reported that during 
the past fiscal year, the IRS still had glaring holes in internal 
controls over information security, in spite of initiating efforts to 
address concerns levied by the GAO in past years.

"IRS improved several system-level controls, including the encryption of 
data transferred between some accounting systems, upgrades to critical 
network devices on the agency’s internal network, and strengthening of 
the architecture of an important financial system to eliminate 
identified areas of weakness," the report read. "However, despite these 
efforts and enhanced management attention toward controls, a majority of 
the known weaknesses in the agency’s systems and internal network and 
physical security controls remained unresolved in fiscal year 2011."

According to Don Gray, chief security strategist for Solutionary, an 
Omaha-based managed security service provider, the IRS isn't special in 
the fact that it hasn't been able to keep up with regulator demands.

[...]

_____________________________________________________
Subscribe to InfoSec News - www.infosecnews.org
http://www.infosecnews.org/mailman/listinfo/isn