the agency had not always (1) installed appropriate patches on all
databases and servers to protect against known vulnerabilities, (2)
sufficiently monitored database and mainframe controls, or (3)
appropriately restricted access to its mainframe environment. In addition,
IRS had allowed individuals to make changes to mainframe data processing
without requiring them to follow established change control procedures to
ensure changes were authorized, and did not configure all applications to
use strong encryption for authentication, increasing the potential for
unauthorized access.
http://www.gao.gov/products/GAO-14-405http://1.usa.gov/1oKjHdW
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]