Albuquerque, NM -- (SBWIRE) -- 03/22/2011 -- Government agencies and business organizations rely heavily on computer systems for conducting routine operations, communication and data storage. The rapidly evolving and vibrant challenges in the cyberspace have made it inevitable for organizations to give high emphasis to information security.

Recently, a report by the United States Government Accountability Office (U.S. GAO) indicated inadequate information security practices by Internal Revenue Service (IRS). IRS has a major responsibility of collecting taxes, processing tax returns and enforcing the tax laws of the country. As such, the computer systems of IRS have databases containing sensitive personal and financial information related to large number of individuals. Adequate security controls are crucial to ensure integrity, confidentiality and privacy of information. Lapses in security controls may lead to unauthorized access to privileged information, data theft, alteration and misuse.

The report has identified lapses such as lack of adequate controls on user access, lack of proper updates to database software and lack of auditing of databases supporting crucial systems. IRS has also not implemented its information security program. GAO report also identified that majority of the weaknesses mentioned in earlier reports remain unmitigated. The report has recommended IRS to revise password control policies and procedures, update the risk assessment procedures for mainframe environment to include all aspects of the environment, which impact security. IT professionals at IRS must also revise the risk assessment procedures for systems and applications, which have undergone significant changes. The report advises IRS to revise application security plan and update the control measures put in place. GAO suggests annual comprehensive testing of key network components, testing application security of general-ledger system and comprehensive testing of security controls of mainframe environment. In addition, GAO has identified weaknesses and recommended improvements in audit, monitoring, authentication procedures, authorization, cryptography, configuration management and physical security. Hiring IT professionals certified in security certifications and IT degree programs may help in timely identification and mitigation of vulnerabilities and threat vectors.

Weaknesses in information security infrastructure may be exploited by cybercriminals to gain unauthorized access to computer systems, applications and privileged databases. They may also gain complete control of a system and use the compromised system as a vector for disseminating spam and launching attacks on other computers. The extracted information could be used to submit fake refund applications, misrepresent legitimate individuals, redirect mails, and commit identity fraud. The extracted data could also be sold to their peers in underground crime market. Employee negligence may also cause security breaches. E-learning programs, webinars, online IT courses and video tutorials may be used to educate employees on IT security guidelines and implications of security breaches. Organizations must also have an incident management policy in place to deal with security incidents.

Rising challenges to information security have resulted in increased demand for security professionals with employable IT skills.

Organizations, IT security firms, developers and academic institutions must collaborate in revising the curriculum of computer science and online IT degree programs in line with the skills required to deal with the emerging security threats.

Contact Press
EC-Council
Website: http://www.eccouncil.org
Email: iclass@eccouncil.org
Tel: 505-341-3228

EC-Council University is based in Albuquerque, New Mexico and offers Master of Security Science (MSS) degree to students from various backgrounds such as graduates, IT Professionals, and military students amongst several others. The MSS is offered as a 100% online degree program and allows EC-Council University to reach students from not only the United States, but from all around the world.

EC-Council is a member-based organization that certifies individuals in cybersecurity and e-commerce skills. It is the owner and developer of 16 security certifications, including Certified Ethical Hacker (CEH), Computer Hacking Forensics Investigator (CHFI) and EC-Council Certified Security Analyst (ECSA)/License Penetration Tester (LPT). Its certificate programs are offered in over 60 countries around the world.

EC-Council has trained over 80,000 individuals and certified more than 30,000 members, through more than 450 training partners globally. These certifications are recognized worldwide and have received endorsements from various government agencies including the U.S. federal government via the Montgomery GI Bill, Department of Defense via DoD 8570.01-M, National Security Agency (NSA) and the Committee on National Security Systems (CNSS). EC-Council also operates the global series of Hacker Halted security conferences.