Information technology holds great promise for improving the way a government delivers its various services to citizens. Its rapid adoption has produced substantial benefits for citizens, taxpayers, and businesses alike. It is therefore recommended that every government develop digital services to streamline its operations. One area where governments should enhance their key functions is the establishment of online tax preparation services for citizens.
It is quite obvious that the government is actively involved in taxation, and this is where information technology makes the entire process easier and more efficient. Electronic provision of tax forms and other tax information is very beneficial to residents and falls within the traditional scope of government activity. This is why government must actively engage taxpayers in electronic filing, since it boosts the efficiency of a necessary government function.
The adoption and application of new technologies to the provision of government services is excellent, but should not be geared towards expanding the government's role in areas better left to the private sector. Tax preparation is generally outside the traditional scope of government activity and has always been provided by the private sector. This has clearly boosted the diversity and active growth of the private markets, which provide tax preparation services by multiple means, including online.
Global adoption of information technology has led various governments to embrace online tax preparation, which is efficient but significantly raises issues such as security, conflict of interest and privacy. The security and privacy of taxpayers' deliberations about tax filing are likely to be eroded by e-government tax preparation programs. This requires a skilled management workforce to reduce the level of risk, so that the administration can accomplish its mission(s) through better decision making. Better decision making in turn requires quality risk management that provides clear ways of detecting mistakes.
As part of the consultancy firm appointed by a European government to assess the business continuity and security issues that the supplier of the tax return system will need to address, we are mandated to assess independently the supplier's level of preparedness. Our key and specific role is to identify the ten key risks to which the system will be exposed and to suggest the best technological or procedural solution for mitigating each risk. A justification for prioritizing the individual risks is also to be provided.
The risk management plan is drawn up according to the latest regulations, which are based on the already formalized ISO/IEC 17799 or BS 7799 standards.
The tax return system
The system is to be built and maintained by a private sector company with established expertise in the running of large-scale systems and the management of data centers. The credit rating of the company is AA.
The users of the system will be Government employees (who will have access to all data relevant to their job) and citizens (who will only have access to their personal data) using passwords generated by the Government but modifiable by the citizen.
The operational system will be run from a primary data centre located in a suburb on the outskirts of the capital city. A secondary back-up data centre is located in a nearby town approximately 25 km from the capital. Access to the system will be via a secure Government network (for Government employees) and via the Internet (for citizens). Citizens can therefore download tax return software from the Government's website to complete their returns off-line.
The process of producing the Business Continuity Plan manual comprises five major phases. The stages involved are described below.
This stage comprises the analysis of the impact that the tax return system will have on the overall efficiency of tax returns, the threat analysis, and the various impact scenarios that might result. The impact analysis differentiates between the very urgent (critical) and the non-critical government tax return activities. Deciding whether a function is critical involves gauging how acceptable the implications are that might arise during the transition to the new online tax return system. This is determined and modified by the cost of establishing and maintaining appropriate business and technical recovery solutions. The critical nature of a function may also be gauged from the legal requirements that the law dictates.
The scope of criticality is determined through two values. The first is the Recovery Point Objective (RPO), which determines the acceptable latency of the data that is recoverable within a specific period in which the system is deployed. The second is the Recovery Time Objective (RTO), which denotes the acceptable period of time required to restore the functions of the government tax department to normal operation. The Recovery Point Objective must be set so that the Maximum Tolerable Data Loss for the tax return activity is never exceeded.
The next step is the establishment of certain crucial information. The first item is the government's business requirement for ensuring recovery, together with the technical specifications that recovery needs.
Definition of impact scenarios
After defining all the potential threats, the next step is the documentation of the impact scenarios of the specific government business recovery plan. This is the step of planning for the most far-reaching disaster preparedness.
In general, planning for the most wide-reaching disaster or disturbance is preferable to planning for a smaller-scale problem, as almost all smaller-scale problems are partial elements of larger disasters. A typical impact scenario such as 'Building Loss' will most likely encompass all critical business functions and the worst potential outcome from any potential threat. A business continuity plan may also document additional impact scenarios if an organization has more than one building. Other, more specific impact scenarios, for example the temporary or permanent loss of a specific floor in a building, may also be documented. Organizations sometimes underestimate the space necessary to move from one venue to another. It is imperative that organizations consider this in the planning phase so that they do not have a problem when making the move.
Risks involved and their recommended solutions.
Internet security threats have become more dangerous and sophisticated, such that cyber thieves and fraudsters have executed attacks on online tax filers to steal confidential information, including network passwords, social security numbers, bank account numbers and credit card information. Various security labs have also discovered tax attacks in several countries hosted on compromised web servers. For example, some campaigns using the internal revenue service name claim that the taxpayer is eligible for a refund and should log on to a website in order to verify their information. A variety of e-mail messages containing a link to a fraudulent website are then sent, each to a different user, who upon following the link is directed to a fraudulent site that requests personal identifiers, including credit card information. This particular scam is intended to dupe users into revealing their confidential information, which is then used to withdraw their funds.
Phishing can also present a serious security threat for both consumers and organizations. Phishing deception techniques have become more sophisticated, such that more and more employees are lured to spoofed websites because they are unable to tell the difference between the genuine website and the fake one. Very confidential information therefore ends up on the wrong website. Phishing scam trends indicate that, just through a visit to a website, various phishing URLs can install spyware, i.e. a malicious key logger, which is capable of capturing data including network passwords or social security numbers without the user's knowledge. It takes only a single click by an employee on a phishing site to accidentally distribute customer records, network passwords, and other corporate secrets, and so to put an entire organization's intellectual property at risk.
As a precautionary measure, web filers can avoid tax attacks and other internet threats by not following any suspicious e-mail links and instead going directly to the official website. In addition, companies seeking to protect their employees from phishing scams can deploy web filtering and web security software to prevent access to fraudulent sites and activities such as phishing. Such software offers real-time security updates to its database as malicious websites and other events are discovered, researched and categorized.
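The link check that such a mail or web filter applies to the refund e-mails described above can be sketched as follows. This is an added example, not part of the original essay; the official host names and the sample message are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: placeholder hosts standing in for the real tax authority site.
OFFICIAL_HOSTS = {"tax.example.gov", "www.tax.example.gov"}

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in a message."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host a browser would contact for this URL, or ''."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")

def suspicious_links(html):
    """Return (href, reason) for each link a filter should flag."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = host_of(href)
        shown = host_of(text) if text.startswith(("http://", "https://")) else ""
        if host not in OFFICIAL_HOSTS:  # exact host match, never a substring test
            spoofed = shown in OFFICIAL_HOSTS
            findings.append((href, "text shows official site, link goes elsewhere"
                             if spoofed else "host is not an official tax site"))
        elif urlsplit(href).scheme != "https":
            findings.append((href, "official host over plain http"))
    return findings

# Constructed sample message, not taken from a real campaign.
SAMPLE = ('<p>Refund due. Verify at <a href="https://tax.example.gov.refund.example.net/v">'
          'https://tax.example.gov/verify</a> or <a href="http://refunds.example.net/">here</a>. '
          'Official: <a href="https://www.tax.example.gov/">home</a></p>')
```

Calling `suspicious_links(SAMPLE)` flags the first two links and passes the third; the first is caught only because hosts are compared exactly rather than by substring.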
While corporate employees may have their computers well protected, other users with personal computers may be fully at risk if they don't use protective software such as a firewall to prevent malicious hacking by fraudsters. Without a firewall, any hacker could pull outside with…