Information technology holds great promise for improving the way a government delivers services to its citizens. The rapid adoption of information technology has produced substantial benefits for citizens, taxpayers, and businesses alike. It is therefore recommended that every government develop digital services to streamline its operations. One area where governments should enhance their key functions is the establishment of online tax preparation services for citizens.
It is quite obvious that the government is actively involved in taxation, and this is where information technology makes the entire process easier and more efficient. Electronic provision of tax forms and other tax information is very beneficial to residents and falls within the traditional scope of government activity. This is why government must actively engage taxpayers in electronic filing, since it boosts the efficiency of a necessary government function.
The adoption and application of new technologies to the provision of government services is excellent, but should not be geared towards expanding the government's role in places better left to the private sector. Tax preparation is generally outside the traditional scope of government activity and has always been provided by the private sector. This has clearly boosted the diversity and active growth of the private markets, which provide private tax preparation services by multiple means, including online.
Global adoption of information technology has led various governments to embrace online tax preparation, which is efficient but raises significant issues such as security, conflict of interest and privacy. The security and privacy of taxpayers' deliberations about tax filing are likely to be eroded by e-government tax preparation programs. This therefore requires a skilled management workforce to reduce the level of risk, enabling the administration to accomplish its mission(s) by facilitating better decision making. Better decision making requires quality risk management that allows clear ways of detecting mistakes.
As part of the consultancy firm that has been appointed by a European government to assess the business continuity and security issues that will need to be addressed by the supplier of the tax return system, we are mandated to assess independently the supplier's level of preparedness. Our key and specific role is to identify the ten key risks to which the system will be exposed and to suggest the best technological or procedural solution for mitigating each risk. You should also provide a justification for prioritizing the individual risks.
The risk management plan is developed according to the latest regulations, which are based on the already formalized ISO/IEC 17799 or BS 7799 standards.
The tax return system
The system is to be built and maintained by a private sector company with established expertise in the running of large-scale systems and the management of data centers. The credit rating of the company is AA.
The users of the system will be Government employees (who will have access to all data relevant to their job) and citizens (who will only have access to their personal data) using passwords generated by the Government but modifiable by the citizen.
The operational system will be run from a primary data centre located in a suburb on the outskirts of the capital city. A secondary back-up data centre is located in a nearby town approximately 25km from the capital. Access to the system will be via a secure Government network (for Government employees) and via the Internet (for citizens). Citizens can therefore download tax return software from the Government's website to complete their returns off-line.
The process of coming up with the Business Continuity Plan manual comprises five major phases. The stages involved are described below.
Analysis
This stage comprises the analysis of the impact that the new system will have on the overall efficiency of the tax return process, the threat analysis, and the various impact scenarios that might result. The impact analysis differentiates between the very urgent (critical) and the various non-critical government tax return activities. Deciding whether a function is critical involves gauging how acceptable the implications are that might result from the transition to the new online tax return system. This is determined and modified by the cost involved in establishing and maintaining appropriate business and technical recovery solutions. The critical nature of a function may also be gauged through the legal requirements that the law dictates. The scope of criticality of a process is determined through two values. The first value is called the Recovery Point Objective (RPO) and is used to determine the acceptable level of latency of data that is recoverable within a specific period that the system is deployed. The second value that is assigned in determining the criticality of a process is the Recovery Time Objective (RTO). This denotes the acceptable period of time that is required in order to restore the functions of the government tax department to the usual operation. The process of coming up with the Recovery Point Objective must ensure that the Maximum Tolerable Data Loss for the tax return activity is never exceeded. The next process involves the establishment of certain crucial information. The first item is the government business requirement for ensuring recovery, together with the technical specifications needed for the process of recovery.
Definition of impact scenarios
After defining all the potential threats, the next step is the documentation of the impact scenarios of the specific government business recovery plan. This is the step of planning for far-reaching disaster preparedness.
In general, planning for the most wide-reaching disaster or disturbance is preferable to planning for a smaller scale problem, as almost all smaller scale problems are partial elements of larger disasters. A typical impact scenario like 'Building Loss' will most likely encompass all critical business functions, and the worst potential outcome from any potential threat. A business continuity plan may also document additional impact scenarios if an organization has more than one building. Other more specific impact scenarios, for example a scenario for the temporary or permanent loss of a specific floor in a building, may also be documented. Organizations sometimes underestimate the space necessary to make a move from one venue to another. It is imperative that organizations consider this in the planning phase so they do not have a problem when making the move.
Risks involved and their recommended solutions.
Internet security threats have become more dangerous and sophisticated, such that cyber thieves and fraudsters have executed attacks on online tax filers to steal confidential information, which includes network passwords, social security numbers, bank account numbers and credit card information. Various security labs have also discovered tax attacks in several countries hosted on compromised web servers. For example, some campaigns posing as the internal revenue service claim that the taxpayer is eligible for a refund and should log on to a website in order to verify their information. A variety of e-mail messages with a link to a fraudulent website are then sent, each to a different user, who upon following the link is directed to a fraudulent site that requests personal identifiers, including credit card information. This particular scam is intended to dupe users into revealing their confidential information, which is then used to withdraw their funds.
Phishing can also present a serious security threat for both consumers and organizations. Phishing deception techniques have become more sophisticated, such that more and more employees are lured into spoofed websites because they are unable to tell the difference between the genuine website and the fake one. Very confidential information is therefore handed to the wrong website. Phishing scam trends indicate that just by visiting a website, various phishing URLs can install spyware, i.e. a malicious key logger, which is capable of capturing data including network passwords or social security numbers without the user's knowledge. It only takes a single click by an employee on a phishing site to accidentally distribute customer records, network passwords, and other corporate secrets, and to put an entire organization's intellectual property at risk.
As a precautionary measure, web filers can evade tax attacks and other internet threats by avoiding any suspicious e-mail links and instead going directly to the official website. In addition, companies seeking to protect their employees from phishing scams can deploy web filtering and web security software to prevent access to fraudulent sites and activities such as phishing. Such software offers real-time security updates to its database as malicious websites and other events are discovered, researched and categorized.
While corporate employees may have their computers well protected, other users with personal computers may be fully at risk if they do not use protective software such as a firewall to prevent malicious hacking by fraudsters. Without a firewall, any hacker outside could reach a taxpayer's laptop and tap into their information.
Some citizens may also have file-sharing software, which may prove fatal if vital information is shared. This happens when one allows file-sharing software access to the hard drive, thus sharing almost everything that is stored, including tax return files that easily attract a fraudster's attention. Citizens must therefore be advised appropriately on the dangers of using such file-sharing systems in conjunction with the tax return software.
The other problem is downloads from file-sharing sites, which may be infected with malware or viruses, even when the file names look harmless. Such malicious software will activate on one's computer, potentially starting to log every keystroke. These key loggers would filter all the crucial information through to a second party, who will then use it for his own benefit.
It is therefore important to keep safe while filing taxes from your PC by ensuring you have a running firewall, plus an up-to-date anti-spyware and anti-virus. It is also important not to file taxes with a file-sharing program unless you are sure of having limited access to your hard drive and no malicious software running. This will secure all information in your computer.
Reputation dearly counts. If you plan to file online or hire a tax preparer, it is very important to work with a reputable company. Check for necessary information about the company, i.e. by logging into the Better Business Bureau to see if there are any complaints filed. Preparers who have only temporary premises must be avoided at all costs. Ask for their security policies and compare them with your specifications. The online service or tax preparer should encrypt electronic transmissions and be able to explain how data is kept safe when stored.
Paying keen attention to your documents and scrutinizing them continuously may prove very rewarding, since it is the best way of preventing identity theft and uncovering it quickly. This allows early steps to minimize the damage. If the internal revenue service (IRS) communicates that your refund has already been delivered or that you have underreported earnings, that may mean your identity has been stolen and is being used by someone else. It is therefore advisable to be in the habit of checking your accounts regularly.
Tax experts have always encouraged taxpayers to ignore tax-related e-mail messages and phone calls. Scammers have always used such calls and e-mails to lure taxpayers into divulging sensitive data. They purport to be tax-prep services and are good enough to solicit all the private information one has that is related to the individual's tax returns. It is therefore important to type the address into your browser rather than clicking on any link. The IRS also never makes contact by phone or e-mail.
Always be wary when using wireless networks. It is advised not to send sensitive data over a wireless connection unless you are positive that it is encrypted and that there is also a running firewall protecting your computer. Without these, hackers may easily get access to your computer through the unsecured network. The internet-based interface must also be equipped with appropriate encryption technology, such as the use of private keys and 128-bit Secure Sockets Layer (SSL) encryption technology.
The third problem that must be addressed is the language barrier. Because some of the citizens may not be native English speakers, it is appropriate to design the software in an easy-to-understand common language framework and in the other major spoken languages, such as Maltese.
The fourth problem that the software design firm must address is poor knowledge of software use. Although most homes in Europe may have computers with internet connectivity, citizens who do not know how to use the software must be sensitized and taught how to use it. This is also important in order to avoid cases of phishing, which is continuously being orchestrated by cyber criminals whose intention is to unlawfully steal personal information.
The fifth risk regards terrorist attack and sabotage. The contemporary situation of world security calls for very strong measures aimed at protecting government interests such as data centers. There is a need for the various data centers that are located across various regions to be protected through the installation of proper security measures like armed guards and bomb-proof installations.
The sixth risk that must be addressed by the software design firm is sabotage. The software design firm must have the capacity to adequately address the possibility of the tax return software being sabotaged by both internal and external persons. An example is internal sabotage of the tax return files by disgruntled current or former employees. This is usually achieved through the use of either legally or illegally acquired system login credentials. In order to avoid the risks associated with this loophole, the software design firm must address the issue of system credentials and the protection of mission-critical data through the use of appropriate data backup plans (Dibattista, 1997), all with the intention of minimizing exposure.
The seventh risk that must be addressed by the software design firm is the effect of total system outage. In case of a total system failure, the software development firm must provide an appropriate backup plan to ensure that the data is not lost completely from the data centers. Apart from the backup plan, the company must ensure that it provides a mechanism for giving the system an alternative means of operation. This can be either through the provision of alternative software which can replicate all the key functions of the main software or through the setup of specific pick-up and drop-off points for the tax forms.