Information Security Service at the Internal Revenue System

Introduction

An information security service involves the measures taken by a company or organization to ensure the safety of the client or company information. A company keeps the security of the information in its use safe in a varied number of ways. The main necessity for the protection of client information is the need to uphold integrity, confidentiality, and availability of information for company use in the least time possible (Patel, 2008). The other reason is the need to ensure a lack of unauthorized access and use of information by third parties. The aim of this paper is to evaluate the functionality and effectiveness of the information security system at the IRS.

Analysis

The Internal Revenue System is an organization in the United States that mainly deals with the collection of taxes, generation of tax returns, and the ensuring strict enforcement of tax laws. The Internal Revenue System mainly uses computer-related systems in the management of tax collection, tax returns processing, and the enforcement of tax laws. Management of the financial undertakings of the company happens through extensive use of computer systems by the internal revenue system (IRS, 2009).

A secure internet communications system is necessary to ensure the internal revenue system is credible, has high integrity levels, and maintain the confidentiality of client-tax information. Another purpose would be for the better security of the taxpayer’s financial information and its availability for use by the organization at required times. The IRS should ensure the lack of inappropriate access, use, or misuse and dissemination by unauthorized personnel (Patel, 2008). The IRS uses information and security system in handling the safety of client information and fits the organization’s functions in tax collection perfectly.

The information security system at the internal revenue system composes of different personnel who aid in the well running of the system. The main responsibility falls on the Associate Chief Information Officer for Cybersecurity who ensures the information security system runs efficiently at the IRS (IRS, 2009). He is the head of cybersecurity the department delegated with the responsibility of ensuring compliance of federal laws, generation of policies to ensure confidentiality and integrity and make available security systems and data.

The department also ensures identification, mitigation, monitoring of cybersecurity threats, determination of priorities and strategies, and the implementation of security policies. Within the department, the Computer Security Response Center aims at prevention, detection, and responds to computer security threats on the IRS information technology project. The main processes incorporated in the IRS implementation of the information security system are the publication of policies, standards, procedures, and guidelines in the Internal Revenue Manual for the strict adherence by all information security enforcers.

Implementation of the information security system at the IRS faces certain challenges due to the changing business environment and increased internet use in business and information dissemination. The main implementation issues inherent in the IRS information security system include a lack of full control implementation in user identification, audit, and monitoring and physical security areas.

Exposure to theft, espionage, and damage to IRS facilities results from the lack of proper implementation of physical controls in the security systems (Patel, 2008). The lack of full implementation areas details the implementation challenges facing the IRS for the achievement of efficiency in the information security system (Rao and Upadhaya, 2009).

Despite the adherence to strict policies and regulations, the information security system at the IRS has some deficiencies. The deficiencies include the use of in-complex passwords, which lead to easy access by hackers and fraudsters to the information (GAO, 2010). This increases the probability of unauthorized client information access at the IRS, hence reduces the efficiency of the information security system. The other deficiency noted in the IRS information security system is giving personnel too much file and directory permissions. Another deficiency is allowing the unencrypted conduction of user and administrator login (GAO, 2010).

The access, to a large pool of personnel at the IRS, to information only needed by a few of the employees, increases the chances of information access to third parties who use it for fraudulent and criminal purposes. Intentional or unintentional alteration of information is also possible with high accessibility; hence reduce the accuracy of information disseminated to the public or contained in the IRS database. Sending unencrypted content administration information increases the chances of access by third parties and may lead to alteration of IRS information. Unencrypted login information sending increases the probability of accessing the system by third parties. This reduces confidentiality in client information with the IRS (IRS, 2009).

The other deficiency inherent in the IRS information security system is the ineffective verification that corrective actions are comprehensive for the purpose of an effective remedy of problems in the information security system to avoid recurrence. This causes the recurrence of problems in the system, as the corrective actions taken are not comprehensive for the total correction of problems in the information security system.

The other deficiency in the information security system at IRS is the lack of continuous risk assessments annual review of the system (GAO, 2010). This practice aids in the elimination of deficiencies in the system and in the correction and implementation of new policies for increased efficiency. Lack of this practice reduces efficiency, the success of the information system at the IRS and IRS cannot fully ensure integrity, availability, and confidentiality of client tax information at all times.

Technologically, IRS makes use of the electronic filing of national returns by all members. A deal with software, vendors in 2003 saw the improved use of electronic filing by Americans with over 68% of returns made using electronic filing by 2010 (GAO, 2010). The need for the implementation of the use of modern and updated software at the IRS is necessary. The operating system in the main servers of the information security system at the IRS needs updating. The use of outdated software used by IRS in other areas exposes IRS to increased vulnerability to information theft.

A number of benefits are inherent at the IRS in the implementation of information security service in its operations (Rao and Upadhaya, 2009). The main benefits include an increase in the confidentiality of client information necessary for effective tax collection practices and increased clarity and effectiveness of tax returns generation at the IRS (IRS, 2009). The other benefit of the IRS from the implementation of the information security system is the increased application and adherence to government policies. Other benefits include reduced vulnerability to cyber threats, information loss, and adherence to IRS policies regarding information used by all members.

Conclusion

In conclusion, the installation of an information system by the IRS has been beneficial in the achievement of its objectives in tax collection, returns payments, and policy implementation. Personnel functions involve running an information system, but the IRS faces implementation challenges and has various weaknesses in its information security system. As depicted in this case, an information security system is mandatory for the efficient running of a government agency for the improvement of public trust, integrity, and client information confidentiality.

References

GAO. (2010). IRS Needs to Continue to Address Significant Weaknesses. Web.

IRS (2009). IRS Strategic Plan. Web.

Patel R. (2008). Information Security: Theory and Practice. New Delhi: PHI Learning Pvt. Ltd.

Rao R. & Upadhyaya S. (2009). Information Assurance, Security and Privacy Services. Bingley: Emerald Group Publishing.