Free Essay

Data Security

In:

Submitted By nikkidavis
Words 1430
Pages 6
INTERNAL REVENUE SERVICE

10
Data Security
Who has access to your tax data?
Nikki Davis

Abstract

In this tax season, when billions of dollars and tons of personal information is relayed to and from the government, it's more than disconcerting to hear that the Internal Revenue Service is still struggling to keep private information secure.

The purpose of my study is to improve the safeguard of taxpayers’ data at the Internal Revenue Service. Due to the fact that firewalls are in place and transaction monitoring is also in place; yet, taxpayers’ data is still being exploited. It seems that the problem lies in the character of some of the employees. It is not such much that the background checks are not in depth, they are not expeditious. It may take up to 3 years to perform a full background check.
What is Data Security Data is the raw form of information stored as columns and rows in our databases, network servers and personal computers. This may be a wide range of information from personal files and intellectual property to market analytics and details intended to be top secret. Data could be anything of interest that can be read or otherwise interpreted in human form. Data security is the means of ensuring that data is kept safe from corruption and that access to it is suitably controlled. Thus data security helps to ensure privacy. It also helps in protecting personal data. In simple terms, data security is the practice of keeping data protected from corruption and unauthorized access. The focus behind data security is to ensure privacy while protecting personal or corporate data. A sound data security plan is built on five key principles:
Take stock. Know what personal information you have in your files and on your computers. Scale down. Keep only what you need for your business.
Lock it. Protect the information in your care.
Pitch it. Properly dispose of what you no longer need.
Plan ahead. Create a plan to respond to security incidents.
Internal Revenue Service History The roots of IRS go back to the Civil War when President Lincoln and Congress, in 1862, created the position of commissioner of Internal Revenue and enacted an income tax to pay war expenses. The income tax was repealed 10 years later. Congress revived the income tax in
1894, but the Supreme Court ruled it unconstitutional the following year.
16th Amendment
In 1913, Wyoming ratified the 16th Amendment, providing the three-quarter majority of states necessary to amend the Constitution. The 16th Amendment gave Congress the authority to enact an income tax. That same year, the first Form 1040 appeared after Congress levied a 1% tax on net personal incomes above $3,000 with a 6 percent surtax on incomes of more than
$500,000. In 1918, during World War I, the top rate of the income tax rose to 77 percent to help finance the war effort. It dropped sharply in the post-war years, down to 24 percent in 1929, and rose again during the Depression. During World War II, Congress introduced payroll withholding and quarterly tax payments.
A New Name
In the 50s, the agency was reorganized to replace a patronage system with career, professional employees. The Bureau of Internal Revenue name was changed to the Internal
Revenue Service. Only the IRS commissioner and chief counsel are selected by the president and confirmed by the Senate.
Today’s IRS Organization
The IRS Restructuring and Reform Act of 1998 prompted the most comprehensive reorganization and modernization of IRS in nearly half a century. The IRS reorganized itself to closely resemble the private sector model of organizing around customers with similar needs.
Security Issues at the IRS Some of the security issues faced by the Internal Revenue Service are the use of exploitation of individual tax data for personal gain, tax data browsing for personal reasons and the usage of taxpayer data to render personal favors. I found a case where a former Memphis IRS employee has been indicted on charges of filing false tax returns and stealing data from the agency. MEMPHIS — An Internal Revenue Service employee in Memphis has been indicted on charges of filing false tax returns and stealing data from the agency. The U.S. attorney’s office said in a news release today that Farrah Jones of Memphis, who was hired as a tax examining technician in 2001, used the data for returns she filed for herself and others. Prosecutors said Jones obtained dependent information from IRS files and used the data on tax returns she prepared, knowing that the taxpayers were not entitled to claim these dependents. This allegedly occurred for a year ending in February 2007. She was arrested Thursday and released on $5,000 bond.

Another issue is browsing where taxpayer data is researched for personal purposes i.e. revenge or other actions. UNAX is the code of conduct concerning unauthorized access. There are many UNAX violations case pending today. One case in particular is about s former employee who looked up data on celebrities and his neighbor just for the sake of doing it.
SAN FRANCISCO (MarketWatch) -- An IRS employee was sentenced Wednesday to three years' probation for taking a look at the tax files of almost 200 people, including famous actors, local sports celebrities, and his own next-door neighbor.
John Snyder, a 56-year-old tax agent in Covington, Ky., also must pay $1,000 and complete 60 hours of community service for sneaking a peek at the records of actors including Kevin Bacon, Alec Baldwin, Sally Field, Chevy Chase, Vanna White and Randy Quaid, plus sports figures such as Cincinnati Bengals coach Marvin Lewis and some former Cincinnati Reds players.
Snyder also checked up on five less-famous people, including his next-door neighbor, according to a release from the U.S. Attorney's Office in the Eastern District of Kentucky.
When asked what Snyder intended to do with the information gleaned from people's private tax records, Kyle Edelen, a spokesman for the U.S. Attorney's Office, said he doesn't know.

IRS workers are allowed to access the agency's database of personal tax information for work purposes only. The Treasury Inspector General for Tax Administration (TIGTA) and the IRS take the security of taxpayer data very seriously. TIGTA uses a computer-based detection program that analyzes access to tax accounts, and identifies those with potential unauthorized access (UNAX) issues. “Cases with confirmed UNAX issues or any other potential criminal violations are forwarded to TIGTA field offices for further investigation,” Russell said. TIGTA also receives allegations from taxpayers and other IRS employees. Individuals found to have committed UNAX violations are subject to federal prosecution, termination of employment, or other disciplinary action.
Another issue is taxpayer data is being used to render personal favors i.e. expediting refunds. This case scenario happens constantly so no one case record is needed.
Proposed Solution All these issues open individuals and companies to cyber-espionage — a growing concern. And they underline an issue that all companies must deal with: the need to implement a consistent approach to improving data security. The proposed solution to the above issues lies in the background investigations and the screening of potential employees. Who has access to your tax data? Many people with questionable character and low integrity are being employed by the Internal Revenue Service on a daily basis. Sometimes, the background checks do not come back until after a person has been employed for almost a year. That individual had an entire year to access personal data and damage the taxpayer’s life. The IRS is implementing STEP (Student Temporary Employment Program) this summer in several states. The minimum requirements for this program are students who are at least 16 years of age; currently enrolled or accepted as a degree seeking student with half-time or more academic course load at an accredited high school, college university, technical or vocational school; and must have a minimum 2.0 cumulative GPA. This is basically telling me that anyone in high school can have access to my tax data and yours. So, who has access to your tax data?

--------------------------------------------
[ 2 ]. http://www.spamlaws.com/data-security.html
[ 3 ]. http://en.wikipedia.org/wiki/Data_security
[ 4 ]. www.ftc.gov/infosecurity/
[ 5 ]. http://www.irs.gov/irs/article/0,,id=149200,00.html
[ 6 ]. http://www.knoxnews.com/news/2010/mar/11/irs-staffer-indicted-data-theft-filing-false-retur/
[ 7 ]. http://www.marketwatch.com/story/story/print?guid=786BACBD-C58F-481B-AE31-28C2101E7CF6

Similar Documents

Premium Essay

Data Security

...Lara Ramey Southern New Hampshire University OL 442 – Professor David Miller April 25, 2015 Final Paper: Data Security With technology taking over businesses and costs rising higher by the year, having a solid data security policy in place is an extremely beneficial and important part of protecting an organization. Sinrod (2010) discusses how financially damaging data breaches can be for an organization, with an average cost of $6.75 million per incident in 2009. Breaches can be expressed both in and out of the organization, with especially staggering statistics on employee theft. Dwyer (2014) states, “39 percent of data theft from businesses comes from company insiders. Even more troublesome, 59 percent of ex-employees admit they stole data from their former employers.” With figures as high as these, it is up to company executives and management personnel to apply great effort in creating data security plans that cover all aspects of potential threats in order to keep incidents and costs low. Human Resources must also have a role in designing and implementing these policies, as well as conveying them appropriately to both managers and employees. Jackson et al. (2014) proposes developing an ethics code for the entire company to follow and stressing the importance of managers to “practice what they preach.” If the organization follows its own protocols and demonstrates ethical behavior, it is more likely their employees will follow suit. Before the policy is communicated...

Words: 1090 - Pages: 5

Premium Essay

Data Security

...Data Security and Privacy Act Data security & privacy has varies of roles and responsibilities to prevent financial crimes. Financial crimes can include telemarketing scams, investment or pension fraud, credit card fraud, and insurance fraud. However, it is the company decision on how much personal protection is needed to secure its customers financial investments. Moreover as who is suppose to make this decision for financial protection falls under corporate security. These decisions are very important because businesses, as well as individuals, can be victims of financial crimes and face serious financial loss. In this recent ongoing decade because of the fear of big government and the fear of privacy intrusions through the internet and internet commerce, across all enforcement agencies, data security and privacy are high priorities. The Obama Administration has made enforcement of data security and privacy a top priority. In this modern day age, updating the Healthcare Insurance portability & Accountability Act is recently now highly recommended. The healthcare industry is already familiar with data security and privacy restrictions. We the people in the United States of America is living in an information technology era, with increasing automation of electronic medical records, clinical systems, and medical imaging, as well as growing regulatory pressures, it is a challenge for healthcare providers to protect the privacy of patient data and secure their IT...

Words: 601 - Pages: 3

Premium Essay

Data Security

...Lonnie Virgil Week Seven Case Study Data security is a critical factor that all individuals and organizations should be concern about. When taking into consideration sensitive data that businesses and individuals hold from financial information to personal information such as social security numbers, any breach in security could be damaging. Data security are methods used to protect data and sensitive information from unauthorized users by preventing unauthorized access to computers, databases and websites (techopedia, 2014). A certain data input/storage/output environment that I came face to face is my frequent visit to Merrick Bank’s online website. As a member of Merrick Bank, I have access to online banking, which enables me to view my account, add on services, and order products that the financial institute has to offer. Merrick Bank has several data security measures that I have observed, as well as measures that they have listed on their website. What I have observed is that the bank uses authentication to identify users. Authentication is a method for identifying users based on a unique username and password (Merrick, 2014). Merrick Bank uses authentication as a security measure to make sure that the individual is who he/she claims to be. Before I can access my account I have to log into the system by providing a username and password that was create when I registered to the online banking system (Merrick, 2014). When you sign into the system, a box populates on the...

Words: 1089 - Pages: 5

Premium Essay

Visual Data Security

...Visual Data Security White Paper Brian Honan, BH Consulting July 2012 1 Introduction Welcome to Secure’s White Paper on Visual Data Security. As data gets ever more versatile and mobile, we want to make sure that individuals, businesses, organisations and governments across Europe are aware of the threats posed by visual data security breaches. Simply put, visual data security is ensuring that information cannot be seen by unauthorised individuals. This is particularly important when dealing with private or sensitive information, and the threat of a breach has risen enormously with the shift in working practices towards increased mobility, flexibility and shared resources. This White Paper has been commissioned to give some background to visual data security and provide simple, easy to follow advice on how to prevent a breach and protect individuals’ personal data and organisations’ commercially sensitive information. It’s not about constraining people’s working habits or holding back the tide, but about embracing new trends and empowering employers and employees to take small steps to work in a safe and secure manner. By promoting a greater understanding of these risks and the behavioural and practical procedures that can be adopted to reduce them, we hope to enhance data security across the continent. We hope you find the Paper of interest. For any further information please don’t hesitate to contact us on info@visualdatasecurity.eu. Happy reading and stay secure...

Words: 4506 - Pages: 19

Premium Essay

Data Security Solutions

...Data Security Solutions Bitdefender Total Security 2015 combines impeccable protection with a strong range of features, including new profile settings to optimize your PC's resources. These days, a good security suite does a lot more than just detect and defend against malware. That's the idea behind Bitdefender Total Security 2015 ($70 for one PC, $90 for three PCs), which, in addition to top-notch protection, offers a collection of centralized PC tune-up and optimization tools to make computer maintenance as easy as possible. You'll also get one year of antivirus security for up to three PCs, and a protected browser for safe online shopping. Overall, Bitdefender Total Security remains our top pick. How I tested I installed Bitdefender Total Security 2015 on an Acer Aspire E5 laptop running Windows 8.1 with an Intel i5 processor, 4 GB of RAM and an 64-bit operating system. This is far from the most powerful machine on the market; I chose it so that any performance impact Bitdefender had on the computer could be detected. I also evaluated Bitdefender based on its setup and interface, security protection, and features and tools. Setup Bitdefender Total Security 2015 for PC is compatible with Windows XP and Vista, 7, 8 and 8.1. That's good news for people who still have yet to upgrade from Windows XP. After I downloaded the Bitdefender Total Security 2015 installer from Bitdefender's website, the product started an initial scan of our Acer E5, then proceeded to install...

Words: 1889 - Pages: 8

Premium Essay

Linux Securities to Protect Your Data

...Linux Securities to Protect Your Data Chris Davis IT302 Linux Administration April 8, 2012 Linux has been deemed one of the most secure operating systems available to date. So what makes Linux one of the top secure operating systems? That is the question that we will be answering with this paper. Starting with SELinux which was started by the NSA (National Security Agency) and had additions from several other groups such as Network Associates, Treys, and others. Released as a set of patches in the beginning SELinux has molded its way into the Linux kernel as of kernel release 2.6. This was needed since in the early stages of SELinux it provided its own security framework which caused issues with GNU/Linux because it put Linux into a single access-control architecture. To correct this situation the Linux kernel inherited a generic framework that separated policy from enforcement. This created the LSM (Linux Security Framework). LSM provides the way that security models are implemented as loadable kernel modules. So what actually makes SELinux such an enhanced security system? The ability to contain programs and daemons to just their bare needed access needs. This is all done through access control. MAC (Mandatory Access Control not Media Access Control) which is more secure than its counterpart DAC (Discretionary Access Control). But SELinux even went a step further by adding RBAC (Role Based Access Control). RBAC works with the roles each user and/or groups has...

Words: 830 - Pages: 4

Premium Essay

Data Security

...this dissertation. As the title of this thesis is “Analysis of Security and QoS in Network with time constraints”, it is clear that our work requires a deep understanding of three main topics: security, Quality of Service (QoS) and network applications with time constraints. These three fundamental topics will be addressed in this chapter. 2.1. Security In today's business environment, users demand seamless connectivity and stable access to servers and networks wherever they are: hotels, airports, homes, or remote offices. While these functionalities are useful for business, they can only be diffused as such if we can minimize the security risks of transmitting sensitive data across the Internet. 2.2.1. Security Definition (Security Properties) Protecting information from unauthorized access, use, disclosure, disruption, modification, inspection, recording or destruction in order to provide confidentiality, integrity, and availability is the main goal of information security [NIST 2009]. Security is the ability of a computer system to withstand external physical stresses (fire, flooding, bombs, etc.) or logic (input errors, intrusions, hacking, malicious logic, etc.); this is generally the direction chosen by specialists of security audit, when they must assess the risks related to a computer system [Deswarte 2003]. According to ITSEC (Information Technology Security Evaluation Criteria), security can be defined as a combination of three main properties: confidentiality...

Words: 8305 - Pages: 34

Premium Essay

Nt1310 Unit 1 Network And Data Security

...Phase Three With the network topology and employee workstations configured as requested, network functionality and security are a necessity for enterprise protection. Phase three takes into consideration both network and data security. This data security is a combination of both network resources in addition to personnel training. While these objectives have separate outcomes, they work in tandem with each other to provide holistic network security. Firewalls, Antivirus, and Intrusion Detection/Prevention In the simplest form, firewalls provide a go/no-go gate for passing traffic from the internal network to the internet. By setting up appropriate rulesets, the network administrators restrict and allow different data packages which users and peripheral...

Words: 1641 - Pages: 7

Premium Essay

Sr-Rm-013: Network, Data, and Web Security

...SR-rm-013: Network, Data, and Web Security CMGT/441 June 18, 2012 Abstract Riordan Manufacturing conducts an information systems security review over IT security issues that exist in different plants to prepare for an upcoming audit in accordance to the Sarbanes-Oxley Act. Several elements of the organization's information systems require revisions and updates to optimize physical and network security, data security, and Web security. SR-rm-013: Network, Data, and Web Security The Sarbanes-Oxley Act (SOX), passed in July 2002, requires publicly traded companies to submit accurate and reliable financial information. Securing private information is not included in its requirements; however, establishing security controls for confidentiality, availability, and integrity of the reporting are (Kim & Solomon, 2012). Riordan Manufacturing is preparing for an audit in compliance with SOX and is conducting an information systems security review over its physical and network security, data security, and Web security. Physical and Network Security Riordan Manufacturing performs an information systems security analysis over its physical and network security. Several elements of the IT system require revisions, such as restrictions to physical access to vital IT systems and upgrades to outdated systems within the network. Physical Security After analyzing the headquarters and Riordan’s other sites it was found that they were not designed nor equipped in the same fashion...

Words: 2582 - Pages: 11

Premium Essay

The Importance of Network Security to Safeguard Organizational Proprietary Data

...Running head: Network Security The Importance of Network Security to Safeguard Organizational Proprietary Data Donald Shipman Strayer University Dr. Kwang Lee June 10, 2012 Abstract Cyber-criminal activity is on the rise in a world that thrives on the use of technology in everyday living. The close-minded thought process of simple theft of a credit card number or a social security number are long gone. Crimes in today’s business are much more extreme to include attacks that disable key functions of major operations such as public transportation and utilities, to the major financial records of customer information being exposed and stolen. In this paper I will focus on the latter. It is important that companies make significant investment in network security in order to protect its proprietary data from hackers and other criminals. I will address current attitudes toward network security, the rise in and recent increase in criminal activity, existing counteractive measures along with their effectiveness and the direction of network security for organizations in the future. Ultimately, the paper will show the importance of network security in organizations and the immediate change is needed to restore the consumer confidence about their information being safe. Introduction The Internet has become a staple of the business world today. One might find it impossible to be current on the latest world events without being able to effectively use it, navigate it, and understand...

Words: 2112 - Pages: 9

Free Essay

Analyzing Security Data

...I. Purpose The purpose of this paper is to define and explain the core components of the Windows Server Networking operating system. The following components will be explained: Active Directory, Domain Controller, Tree, Forest, Distinguished Name, Client Services for Netware, Gateway Services for Netware, Microsoft Management Console, Striped Set, Scheme, Global Catalog Server, Native Mode, DHCP, Default Gateway, Emergency Repair Disk, hardware Disk, hardware Compatibility List, Resource Kit, and IP sec. II. Scope of Work This paper discusses the definitions of core components of Windows Server Networking operating system. III. Windows Terminology A. Active Domain The Active Directory is a directory service designed by Microsoft that acts as a universal distributed information service point from which all network objects, including users, processes, configurations and services can be utilized at any entry point to the network. B. Schema The Schema is the formal set of definitions for all object classes and their attributes contained in the Active Directory. Microsoft designed the Schema to be programmable, allowing the system administrator to create new object types and their attributes and modify attributes of existing objects. C. Domain, Tree and Forest The Active Directory structure is comprised of several different levels: the domain, the tree and the forest. The domain consists of the rational grouping of computers operating Microsoft Windows that share...

Words: 571 - Pages: 3

Free Essay

Risk Management Jit 2 Task 1b

...Risk Management JIT 2 Task 1b American International Insurance BCP William Gardner May 9, 2015 Task B.  Create a business contingency plan (BCP) that the company would follow if faced with a major business disruption (e.g., hurricane, tornado, terrorist attack, loss of a data center, the sudden loss of a call center in a foreign country, the collapse of a financial market or other catastrophic event) in which you include the following: 1.  Analyze strategic pre-incident changes the company would follow to ensure the well-being of the enterprise. 2.  Analyze the ethical use and protection of sensitive data. 3.  Analyze the ethical use and protection of customer records. 4.  Discuss the communication plan to be used during and following the disruption. 5.  Discuss restoring operations after the disruption has occurred (post-incident). Since 1919, A.I.I. has been in the business of insuring businesses and people from losses incurred through disasters. For 95 years (A.I.I.) has stood by its clients as they faced many challenges from the financial collapse of 1929 to the drought of the dust bowl years and even the ravages of World War Two. Assisting our clients in the face of hurricanes, tornados and even terrorist attacks is an everyday occurrence at A.I.I... However, who is planning and preparing for A.I.I.? A BCP is a plan to do exactly that, during the financial collapse of 2008 several flaws in the existing plans were exposed; flaws that not even the...

Words: 3242 - Pages: 13

Premium Essay

Boss

...blocked at the bus operator's convenience. 5. Full configuration be possible from bus operator's side in terms of seat layout, bus type, etc. 6. Specific attention must been given to user friendliness of the software. Complete flexibility is provided to define seat activation period. Operator can decide what period the inventory can be opened for bookings to be open. Multi-level Access The user ID's can be created for Head office, Administrator, Accounts, Agents, etc. Complete flexibility with secure access to defined functions. 7. Web Booking Bus operator will be able to power online booking on their website using their own payment gateway.8. Data Security Data is secure and access will be allowed only to bus operators with the exception of when required by law. Robust back up mechanism will be in place to ensure that there is no data loss. 9. Flexibility in fixing commissions Different commissions can be fixed for different agents based on bus operator's discretion. Commissions can also be based on route, service, etc. | | 10. Quota System Software provides for allocation of seats to particular agents or branch offices in the form of quota. Price Control Full flexibility in pricing with service level, date level, route level pricing control is possible. 11. MIS Functions Comprehensive MIS can be obtained from the system to monitor sales, collections, occupancy, etc. MIS can be fine tuned to suit individual operator requirements. Accounting Module The software allows the bus...

Words: 379 - Pages: 2

Premium Essay

Brief for the New Cso, Which Will Provide Her with the Basics of Cyber Security, Acquaints Her with the Current Threats Facing Your Organization's Data Infrastructure, and the Legal Issues Related to Protecting the Enterprise.

...The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability Paul K. Kerr Analyst in Nonproliferation John Rollins Specialist in Terrorism and National Security Catherine A. Theohary Analyst in National Security Policy and Information Operations December 9, 2010 Congressional Research Service 7-5700 www.crs.gov R41524 CRS Report for Congress Prepared for Members and Committees of Congress The Stuxnet Computer Worm: Harbinger of an Emerging Warfare Capability Summary In September 2010, media reports emerged about a new form of cyber attack that appeared to target Iran, although the actual target, if any, is unknown. Through the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide. From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful...

Words: 5499 - Pages: 22

Premium Essay

Enhance Security Controls for Access to Sensitive Data

...there role. 3. Provide at least 3 examples of Network Architecture Controls that help enforce data access policies at the LAN-to-WAN Domain level? 1. Smart Cards – A token CAC card that is used in tandem with a password 2. Passwords – User defined passwords that coincide with password standards. 3. Cognitive password – Pre-answered questions that hopefully only the user knows the answer to. 4. When a computer is physically connected to a network port, manual procedures and/or an automated method must exist to perform what type of security functions at the Network Port and Data Switch level for access control? Name and define at least three. Verify authorized access to the asset Verify the user is who they say they are through authentication Verify the configuration of the computer is compliant with local security standards.. 5. What is a Network Access Control (NAC) System? Explain its benefits in securing access control to a network. A NAC is the use of certain policy of the network information structure that temporarily limits access the certain recourses while authenticating the user. 6. Explain the purpose of a Public Key Infrastructure (PKI) and give an example of how you would implement it in a large organization whose major concern is the proper distribution of certificates across many sites. PKI - a framework consisting of programs, procedures and security...

Words: 536 - Pages: 3