IRS Doesn't Check Cyberaudit Logs

Posted by samzenpus on Thursday December 18, 2008 @12:57AM from the check-your-work-twice dept.

An anonymous reader writes "The US Internal Revenue Service's IT staff hasn't routinely checked its cybersecurity audit logs, according to a report released this week by the agency's inspector general's office. The report is not exactly flattering for the IRS. The report, with large chunks redacted, recommends the IRS allow independent review of audit logs and establish procedures to save audit logs. It also recommended that the IRS regularly test its Internet gateways for compliance with standard security configurations."

1 of 78 comments (clear)

Min score:

Reason:

Sort:

Re:Why redacted? by fprintf · 2008-12-18 01:16 · Score: 5, Insightful

Never mind. I just figured it out... social security numbers and private information. Once again, that little problem of social security numbers raises its ugly head. If it was just used for social security taxes, and nothing else we'd be fine. But now it is used for all kinds of financial transactions any organization has to guard those 9 numbers better than Fort Knox guards its gold.

--
This post brought to you by your friendly neighborhood MBA.