A Comprehensive Program for Preventing
and Detecting Computer Viruses Is Needed
June 2000
Reference Number: 2000-20-094
This report has cleared the Treasury Inspector General for Tax Administration disclosure review
process and information determined to be restricted from public release has been redacted from
this document.
DEPARTMENT OF THE TREASURY
WASHINGTON, D.C. 20220
INSPECTOR GENERAL for TAX ADMINISTRATION
June 14, 2000
MEMORANDUM FOR COMMISSIONER ROSSOTTI
FROM: Pamela J. Gardiner
Deputy Inspector General for Audit
SUBJECT: Final Audit Report - A Comprehensive Program for Preventing
and Detecting Computer Viruses Is Needed
This report presents the results of our review of the Internal Revenue Service's (IRS)
program for preventing and detecting the spread of computer viruses. In summary, we
found that the IRS does not have an effective program for preventing and detecting
computer viruses. We recommended that the Chief Information Officer designate a
senior official to be responsible for managing the IRS virus prevention program and
overseeing its effective implementation. The responsible official needs to focus on
(1) developing effective procedures for keeping anti-virus software current,
(2) establishing controls for ensuring all updates have been successfully accomplished,
(3) creating a system for gathering information for evaluating the program, (4) ensuring
that virus incident reports are prepared, and (5) preparing plans for responding quickly
and effectively to major computer virus outbreaks.
IRS management agreed with our recommendations. Their written response discusses
several corrective actions that will improve the reported conditions. Management's
comments have been incorporated into the report where appropriate, and the full text of
their comments is included as an appendix.
Copies of this report are being sent to the IRS managers who are affected by the report
recommendations. Please contact me at (202) 622-6510 if you have questions, or your
staff may call Scott Wilson, Associate Inspector General for Audit (Information Systems
Programs), at (202) 622-8510.
Table of Contents
Executive Summary
Objective and Scope
Background
Results
    Anti-virus Software Was Not Current and Operating Properly on Internal Revenue Service Computers
    The Internal Revenue Service Lacks Data for Measuring the Effectiveness of Its Virus Protection Activities
    The Internal Revenue Service Does Not Have a Formal Response Capability for Resolving Major Computer Virus Outbreaks
Conclusion
Appendix I – Detailed Objective, Scope, and Methodology
Appendix II – Major Contributors to This Report
Appendix III – Report Distribution List
Appendix IV – Management’s Response to the Draft Report
Executive Summary
Computer viruses are malicious programs designed to spread unauthorized, visible, and
sometimes destructive functions throughout information systems and networks. The
likelihood of an organization experiencing a computer virus is increasing tremendously,
with newer viruses being more complex and difficult to detect. Statistics on the extent
and impact of viruses within the Internal Revenue Service (IRS) were not available
because the IRS did not have a system for tracking such data. However, we estimated the
possible annual cost to the IRS of responding to and cleaning up viruses, and the negative
impact on productivity caused by computer down time, could be at least $500,000, and
up to $11.5 million, based on data from industry sources.
The overall objective of this review was to determine if the IRS had an effective program
for preventing and detecting the spread of computer viruses.
Results
The IRS does not have an effective program for preventing and detecting computer
viruses. As a result, viruses have gone unchecked and undetected. The IRS continued to
spread the Melissa virus almost a year after it was first detected. The Melissa virus
propagates in the form of an e-mail message containing an infected Word document as an
attachment. The following deficiencies occurred as a result of inadequate virus
protection management.
Anti-virus Software Was Not Current and Operating Properly on
Internal Revenue Service Computers
Computers were inadequately protected against viruses. Anti-virus software was either
not operating properly or did not have recent updates on many computers we tested. The
IRS lacked effective procedures for keeping software current and ensuring that updates
were successfully installed. During our January through March 2000 testing, we found
many computers that had not received the updates necessary to detect the Melissa virus.
The Internal Revenue Service Lacks Data for Measuring the
Effectiveness of Its Virus Protection Activities
The IRS did not compile information needed for evaluating trends, problems, and the
overall effectiveness of its virus prevention activities. For example, the IRS did not have
statistics on how often computers became infected with viruses or detected viruses. The
IRS did not track the cost of infections, such as lost productivity and clean-up time, that
would be useful in understanding the full magnitude of virus protection and the need for
additional resources. IRS management believed that required virus incident reports were
rarely prepared when infections occurred.
The Internal Revenue Service Does Not Have a Formal Response
Capability for Resolving Major Computer Virus Outbreaks
The IRS was not adequately prepared to respond to major computer virus outbreaks. It
did not have a coordinated virus response plan setting forth the procedures and
mechanisms to be put in place, such as how to seek technical assistance or disseminate
alerts throughout the organization. A response team had not been formed.
Summary of Recommendations
We recommended that the Chief Information Officer designate a senior official to be
responsible for managing the IRS virus prevention program and overseeing its effective
implementation. The responsible official needs to focus on (1) developing effective
procedures for keeping anti-virus software current on both networked and portable
notebook computers, (2) establishing controls for ensuring all updates have been
successfully accomplished, (3) creating a system for gathering information for evaluating
the program, (4) ensuring that virus incident reports are prepared, and (5) preparing plans
for responding quickly and effectively to major computer virus outbreaks.
Management's Response: IRS management agreed with our findings and
recommendations and has assigned responsibility for directing and overseeing the
implementation and effectiveness of virus protection efforts to a senior level executive.
Their response details the responsibilities of that executive to include developing
procedures and controls for updating virus software, program evaluation, incident report
preparation, and the formation of an effective response capability to future virus attacks.
Management’s complete response to the draft report is included as Appendix IV.