IRS cybersecurity adequate, not airtight, audit finds

Federal Times: The IRS’s Computer Security Incident Response Center, or CSIRC, is doing an adequate job of stopping cyberattacks, according to an audit by the Treasury Department’s Inspector General for Tax Administration.

“In general, the CSIRC prevented, detected, reported and responded to cybersecurity incidents,” the audit concluded. For example, out of a sample 100 incidents from a total of 368 incidents in FY 2015 and 2016, the CSIRC “properly identified and documented the type, nature and scope of all 100 incidents with information such as the systems and applications affected, the source of the incident, and the specific kind of lost equipment.”

Read article