IRS Doesn't Check Cyberaudit Logs 78
An anonymous reader writes "The US Internal Revenue Service's IT staff hasn't routinely checked its cybersecurity audit logs, according to a report released this week by the agency's inspector general's office. The report is not exactly flattering for the IRS. The report, with large chunks redacted, recommends the IRS allow independent review of audit logs and establish procedures to save audit logs. It also recommended that the IRS regularly test its Internet gateways for compliance with standard security configurations."
Are you surprised? (Score:3, Interesting)
Nonsensical claim. (Score:3, Interesting)
Nobody with a brain audits the security logs. The worms pound away at a rate of dozens per minute and the unsuccessful hack attempts are not far behind. If you were going to be able to detect a successful breach via the logs, you'd have prevented it at the firewall in the first place. The ratio between taxpayer-paid manpower to improved security would be exceptionally low.
Truth is, the logs are only valuable forensically. After detecting a breach or suspected breach, the logs can tell you more about what actually happened and how far it spread.