IRS Doesn't Check Cyberaudit Logs

An anonymous reader writes "The US Internal Revenue Service's IT staff hasn't routinely checked its cybersecurity audit logs, according to a report released this week by the agency's inspector general's office. The report is not exactly flattering for the IRS. The report, with large chunks redacted, recommends the IRS allow independent review of audit logs and establish procedures to save audit logs. It also recommended that the IRS regularly test its Internet gateways for compliance with standard security configurations."

Or better yet

[IceCreamGuy]

Why don't we test their Internet gateways? Right now! Let's go, crowd, everybody start hammering their GWs! Hooray, we're helping!

Re:It wasn't a mistake ...

[cthulu_mt]

Its okay as long as they keep the records for seven years.

Re:Or better yet

[morgan_greywolf]

No, thanks. You don't want to know what the IRS can do to get you back. You really, really don't want to know...

Re:I don't either...

[Anonymous Coward]

Have you stopped to think that perhaps automated tools don't always work as expected?

Frist Post!!1!

Re:Not just a problem for IRS

[pyro_peter_911]

I would bet money a lot of government and I know for a fact a lot of private organizations do NOT audit their general security logs in a timely and in an effective fashion.

Don't forget to file your form 1099 after you win that bet.

Peter