http://www.nextgov.com/nextgov/ng_20100929_5218.phpHoly crap Batman
Holy crap Batman, you have got to be kidding me.
This has got to be the epitome of the government gone wild.
Talk about compromised. Private contractors used by the IRS and
the IRS has no idea which contractors are in security roles, because they don't train them for it.
The IRS is not required to train contract employees in cybersecurity because their companies are responsible for ensuring they have the necessary expertise. But the agency still should track contractor personnel's security duties and test them on compliance, the audit stated. In addition, the IRS has no method for determining which contractors are in security roles, the report found.
"We identified more than 1,350 contract employees with system access that held titles related to security roles, such as system administrators, database administrators, programmers, developers, security specialists, system architects, system engineers and Web developers," Phillips wrote. "These job titles may or may not align with IRS security roles."
IRS officials said they plan to establish a way to document the contract employees who have access to computer systems and then test the individuals appropriately, according to the report
