http://www.nextgov.com/cio-briefing/2014/11/risky-business-irs-when-it-comes-it-security-ig-finds/98921/
By Jack Moore
Nextgov.com
November 13, 2014
It may come as no surprise an agency that accidentally destroys a computer
hard drive and two years of archived emails along with it -- in seeming
contravention of federal record-keeping laws -- struggles with making
risk-based decisions regarding technology.
We’re talking, of course, about the Internal Revenue Service. And it turns
out, the agency also struggles with risk-based decision-making when it
comes IT security.
A new report from the Treasury Inspector General for Tax Administration --
dated Sept. 22, but not made publicly available until last week -- set out
to examine whether the agency’s mostly ad hoc process for assessing IT
security risks “provides an effective platform of identifying, assessing
and addressing risks related to information technology projects and
systems.”
Short answer: not really.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
