Data security.

• Author: Strahs, Roanne, P.
• Position: Security protections for tax practitioners' data

Information security should be a critical concern for tax practitioners whose notebook and desktop computers are connected to internal and external networks. An unsecured system can have a significant impact on the effective operation of a firm.

"Security" refers to those systems and procedures that prevent unauthorized access to, use of or modification to a firm's information assets. Such information may be physically stored on the firm's personal computers, file servers and other storage devices, or it may be communicated from one computer to another via a wide area network (WAN), remote dial-up connection or (increasingly) the Internet. There are many reasons why organizations need to keep data private and secure from potential loss due to physical or electronic theft, viruses and hackers:

* Practitioners have an affirmative obligation to protect client information from disclosure to unauthorized parties.

* The value of proprietary data is diminished if that data can be transferred to others without proper compensation.

* Programs covered by license agreements bind users to a legal obligation not to disclose or transfer information to others.

* Unrestricted access may cause disruption and damage to computer systems.

This discussion of security is a general one. After reviewing the issues raised here, it is important to continue researching current technology and implement a security plan. The plan should be clearly communicated to all employees; once it is implemented, there should be periodic checks to make sure everyone is following it. Donn G. Parker, a leading security expert based at SRI in Palo Alto, Cal., offers six fundamental concepts of information security:

* Confidentiality: Control over disclosure of information.

* Possession: Control over use of information.

* Integrity: Validity, correctness and completeness of information.

* Authenticity: Correct attribution of the origins or authorship of information.

* Availability: Timely access to information.

* Utility: Suitability, fitness or value of information for a specific purpose.

Information security measures are designed to address one or more of these concepts.

Information Security Within an Enterprise

Personal computers: The first line of defense is to make sure personal computers (and the information stored on them) are adequately safeguarded against loss, misappropriation and viruses. Increasingly, firms are equipping partners and staff with portable notebook computers; these enable work to be done effectively while users are away from the office at client sites, traveling and at home. Not only is the actual computer more at risk of being lost or damaged, but...