Tuesday, April 12, 2011

The IRS Needs To Better Define Computer Security Responsibilities

According to the Treasury Inspector General for Tax Administration (TIGTA) the Internal Revenue Service (IRS) needs to clarify the roles and responsibilities of those employees responsible for protecting the security of taxpayer data and other sensitive information, according to a new report publicly released today.

While the IRS has educated its employees about information technology (IT) issues, TIGTA found that it did not document all IT security roles and responsibilities in the Internal Revenue Manual (IRM); develop and document day-to-day IT security procedures and guidelines; properly conduct compliance assessments to test IT procedures; or establish effective metrics for measuring compliance with procedures. 

As a result, TIGTA concluded, the IRS cannot ensure all IRS and contract employees will carry out their responsibilities to protect the confidentiality, integrity and availability of taxpayer data. 

TIGTA recommended that the IRS update the IRM to include all IT security roles, ensure that security roles and responsibilities are periodically reviewed and updated, and develop procedures to validate compliance with IT procedures. In addition, TIGTA recommended that the IRS reopen the roles and responsibilities component of the computer security material weakness.

The IRS agreed with three of TIGTA’s recommendations which is great bu t declined to reopen the roles and responsibility component of the computer security material weakness which is crap.

No comments:

Post a Comment