IRS Security Recommendations Quiz

Quiz Flashcard

Questions

Feedback

During the Quiz End of Quiz

Difficulty

Easy First Hard First Sequential

1/11 Questions

Facilities Security - You've assured that taxpayer information, including data on hardware and media, is not left un-secured on desks or photocopiers, in mailboxes, vehicles, trash cans or rooms in the office or at home where unauthorized access can occur.
- Yes
- No

About This Quiz

IRS Publication 4557 – Safeguarding Taxpayer Data, A Guide for your Business

In 2015, the IRS called together major players in the tax industry—tax return preparers, software providers, state tax agencies, payroll providers and financial institutions—for a Security Summit to increase the cooperation, in place, to fight a common enemy—the identity thieves.

Tax preparers are critical players in this partnership, and, because of the taxpayer information they store, are increasingly being targeted for data theft. Safeguarding taxpayer data is a top priority for the IRS; it is the legal responsibility of government, businesses, organizations, and individuals that receive, maintain, share, transmit or store taxpayers’ personal information. Taxpayer data is defined as any information that is obtained or used in the preparation of a tax return (e. G., income statements, notes taken in a meeting, or recorded conversations). Putting safeguards in place to protect taxpayer information helps prevent fraud and identity theft and enhances customer confidence and trust.

This guide is broken into seven checklists, to help guide organizations in safeguarding their data. We’ve selected just ten items (from over 60), to build this short quiz, and have added details as to why these items are important in safeguarding data.

https://www. Irs. Gov/pub/irs-pdf/p4557. Pdf

IRS Security Recommendations Quiz - Quiz

2.

Information Systems Security - You've put in place a written contingency plan to perform critical processing, in the event that your business is disrupted. It should include a plan to protect both electronic and paper taxpayer information systems. You've identified individuals who will recover and restore the system after disruption or failure.
- Yes
- No
Correct Answer

A. Yes

Explanation

It’s important to note that a contingency plan is not the same as a data backup plan, as a contingency plan addresses more than data. What if you utilize a cloud based tax preparation software, and you lose Internet? What occurs in the event of an extended power loss? On April 17th, 2016, an underground fire caused a power outage in downtown Altoona. On April 18th, the filing deadline, power was still not restored. What is your contingency plan for a power loss during the last two days of tax season?

Rate this question:
3.

Personnel Security - You terminate access to taxpayer information (e.g., login IDs and passwords) for those employees who are terminated or who no longer need access.
- Yes
- No
Correct Answer

A. Yes

Explanation

A termination checklist is critical to ensure former employees no longer have access to the organizations IT systems. Simply disabling their user account many not suffice, due to the number of services which have separate logins, or worse, logins which are shared across the organization.

Rate this question:
4.

Personnel Security - You've performed a background and/or reference check on new employees who will have contact with taxpayer information, and have conducted background screenings that are appropriate to the sensitivity of an assigned position. This includes interns and part-time employees.
- Yes
- No
Correct Answer

A. Yes

Explanation

A survey by CareerBuilder, in 2015, found that 56% of hiring managers have caught job candidates lying on their resumes. A quarter have seen people who claim to be employed by companies they never worked for. A background check, employment, and education verification should be included as part of the hiring process.

Rate this question:
5.

Information Systems Security - You periodically test your contingency plan.
- Yes
- No
Correct Answer

A. Yes

Explanation

No plan, whether it is your data backup plan or a contingency plan for an extended power outage, is complete until it has been tested. At our office, we test our backup generator weekly, and the backup to our backup (a portable backup generator) every 60 days.

Rate this question:
6.

Computer Systems Security - You identify and authenticate computer system users who require access to electronic taxpayer information systems before granting them access.
- Yes (all systems require login)
- No (only some systems require login)
Correct Answer

A. Yes (all systems require login)

Explanation

While authentication (user login) is part of major tax systems, not all sensitive taxpayer data is held within your tax software (E.g. Excel spreadsheets, PDF’s, emails, etc.). It’s important that all systems are secured, with logins required.

Rate this question:
7.

Computer Systems Security - You regularly update firewall, intrusion detection, anti-spyware, anti-adware, anti-virus software and security patches.
- Yes
- No
Correct Answer

A. Yes

Explanation

Security is not like the Ronco Rotisserie oven. You can’t set it and forget it. If your security software is not being managed by a centralized server, or cloud service, how do you know it’s working effectively? How do you know it’s updating itself, as it should? How do you know the latest virus or malware didn’t disable it (as they’re known to do)? How do you know your systems are being patched for the latest security vulnerabilities? Without management and centralization, you don’t know. You’re hoping and assuming.

Rate this question:
8.

Computer Systems Security - You lock out computer system users after three consecutive invalid access attempts.
- Yes
- No
Correct Answer

A. Yes

Explanation

A very common attack is a brute force attack against a computer system, often a remote desktop server (terminal server or Citrix server). In this attack, the attacker continually guesses passwords, until one is correct and grants them access. This can easily be prevented by implementing an account lockout policy, which temporarily disables an account after a predetermined number of invalid attempts. Additionally, being alerted to excessive invalid logins is also important, so you can take proactive measures to block the attacker. A major area of concern for organizations is the time it takes until they realize they’ve been compromised. A call from the FBI informing you that your information is for sale, on the Internet, is not welcoming.

Rate this question:
9.

Media Security - You securely remove all taxpayer information when disposing of computers, diskettes, magnetic tapes, hard drives, or any other electronic media that contain taxpayer information. The FTC Disposal Rule has information on how to dispose of sensitive data.
- Yes
- No
Correct Answer

A. Yes

Explanation

Did you know that when you delete a file, it’s not really gone? And if you reformat a computer, that doesn’t erase all the sensitive data that was stored on it? When disposing of systems, especially those which have created, accessed, stored or edited sensitive information, you must ensure the system is properly sanitized. Various studies have been conducted where used systems were purchased from eBay and Craigslist, and using data recovery tools (not necessarily rocket science), personal and confidential information was recovered.

Rate this question:
10.

Administrative Activities - Have you completed a risk assessment?
- Yes
- No
Correct Answer

A. Yes

Explanation

A risk assessment identifies the risks and potential impacts of unauthorized access, use, disclosure, disruption, modification or destruction of information and information systems that can be used to access taxpayer data. How vulnerable is your clients’ data to theft, disclosure, unauthorized alterations or unrecoverable loss? What can you do to reduce the impact to your customers and your business in such an event? What can you do to reduce vulnerability? These are just a few of the questions a risk assessment looks to answer. It’s not if an incident will occur, it’s when (and more importantly, will you be prepared for it).

Rate this question:
11.

If you'd like to be contacted to discuss your results, please provide your name and contact number in the box below. Or, we welcome any feedback on our quiz.

Quiz Review Timeline (Updated): +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 02, 2017

Quiz Edited by
ProProfs Editorial Team
Mar 01, 2017

Quiz Created by

IRS Security Recommendations Quiz

Facilities Security - You've assured that taxpayer information, including data on hardware and media, is not left un-secured on desks or photocopiers, in mailboxes, vehicles, trash cans or rooms in the office or at home where unauthorized access can occur.

Quiz Preview

Personnel Security - You terminate access to taxpayer information (e.g., login IDs and passwords) for those employees who are terminated or who no longer need access.

Personnel Security - You've performed a background and/or reference check on new employees who will have contact with taxpayer information, and have conducted background screenings that are appropriate to the sensitivity of an assigned position. This includes interns and part-time employees.

Information Systems Security - You periodically test your contingency plan.

Computer Systems Security - You identify and authenticate computer system users who require access to electronic taxpayer information systems before granting them access.

Computer Systems Security - You regularly update firewall, intrusion detection, anti-spyware, anti-adware, anti-virus software and security patches.

Computer Systems Security - You lock out computer system users after three consecutive invalid access attempts.

Media Security - You securely remove all taxpayer information when disposing of computers, diskettes, magnetic tapes, hard drives, or any other electronic media that contain taxpayer information. The FTC Disposal Rule has information on how to dispose of sensitive data.

Administrative Activities - Have you completed a risk assessment?

If you'd like to be contacted to discuss your results, please provide your name and contact number in the box below. Or, we welcome any feedback on our quiz.