Adware Computer advertising software that may or may not monitor computer use to target ads.
Authorized IRS e-file Provider A business authorized by the IRS to participate in IRS e-file as an Electronic Return Originator, an Intermediate Service Provider, a Reporting Agent, a Software Developer, an Online Provider or a Transmitter.
Confidentiality Restrictions placed on information access and disclosure, including means for protecting personal privacy and proprietary information.
Denial of Service An attack that prevents or impairs the authorized use of networks, systems or applications by exhausting resources.
Electronic Return Originator (ERO) Authorized IRS e-file Provider that originates the electronic submission of returns to the IRS.
Encrypt To convert plain text to unintelligible text using a cryptographic algorithm.
Identity Theft Misuse of someone else’s personal information to obtain new accounts or loans or commit other crimes.
Information Resources Information and related resources, such as staffing, funding and information technology.
Information Security The process that ensures the protection of information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
Information System A set of information resources designated for the organization of data for the collection, processing, maintenance, use, sharing, dissemination or disposition of information.
Information Technology The technology involving the development, maintenance and use of computer systems, software and networks for the processing and distribution of data.
Integrity The authenticity or unimpaired condition of information; including reliability for non-repudiation of origin.
Intermediate Service Provider Receives tax information from an ERO (or from a taxpayer who files electronically using a personal computer, modem and commercial tax preparation software), processes the tax return information and either forwards the information to a Transmitter or sends the information back to the ERO (or taxpayer for Online Filing).
Intrusion Detection The act of detecting actions that attempt to compromise the confidentiality, integrity or availability of a resource.
IRS e-file The brand name of the electronic filing method established by the IRS.
Management Safeguards The security safeguards or countermeasures for an information system that focus on the management of risk and the management of information system security.
Non-repudiation The process in which there is assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender’s identity for future validation purposes.
Online Provider An Online Provider allows taxpayers to self-prepare returns by entering return data directly into commercially available software, software downloaded from an Internet site and prepared off-line or through an online Internet site.
Operational Safeguards Security for an information system that is primarily implemented and executed by people rather than by a system.
Reporting Agent Originates the electronic submission of certain returns for its clients and/or transmits the returns to the IRS. A Reporting Agent must be an accounting service, franchiser, bank or other entity that complies with Rev. Proc. 2012-32, 2012-34 I.R.B. 267, and is authorized to perform one or more of the acts listed in Rev. Proc. 2012-32 on behalf of a taxpayer. Reporting Agents must submit Form 8655, Reporting Agent Authorization, to the IRS prior to or at the same time that they submit an IRS e-file Application.
Risk The likelihood that the unwanted impact of an incident will be realized.
Risk Assessment The process of identifying risks and determining the probability of occurrence, the resulting impact and additional security controls that would mitigate this impact.
Risk Management A systematic process of evaluating the potential risks that may be involved in a projected activity or undertaking.
Safeguard Protective measures prescribed to meet the security requirements specified for an information system. Safeguards may include security features, management constraints, personnel security and security of physical structures, areas, and devices.
Security Controls Safeguards designed to protect the confidentiality, integrity and availability of a system and its information.
Security Plan Formal document that provides an overview of the security requirements for the information system and describes the security controls in place or planned for meeting those requirements.
Security Requirements Requirements that are derived from laws, policies, instructions regulations, or business (mission) needs to ensure the confidentiality, integrity and availability of the information being processed, stored or transmitted.
Service Provider Any individual or business that maintains, processes or is given access to customer information through the provisions of a service agreement with another individual or business.
Software Developer Develops software for the purposes of formatting electronic return information according to IRS e-file specifications and/or transmitting electronic return information directly to the IRS.
Spyware Software installed into an information system to gather information on individuals or organizations without their knowledge.
Tax Preparer Any person who is engaged in the business of preparing or assisting in preparing tax returns.
Technical Safeguards Controls for a system that are primarily implemented and executed by the information system through mechanisms contained in the hardware, software or firmware components of the system.
Threat Any circumstance or event with the potential to adversely impact operations, assets or individuals through an information system via unauthorized access, destruction, disclosure, modification of information and/or denial of service.
Transmitter Transmits electronic tax return information directly to the IRS. EROs and Reporting Agents may apply to be Transmitters and transmit return data themselves, or they may contract with accepted Third-Party Transmitters that will transmit the data for them. A Transmitter must have software and computers that allow it to interface with the IRS.
Trojan Horse A computer program used to attack a computer system by secretly allowing, among other things, unauthorized access or alteration of data or software.
User Individual or system process authorized to access an information system.
Virus A computer program used to compromise a computer system by performing functions that may be destructive. A virus may alter other programs to include a copy of itself and execute when the host program or other executable component is executed.
Vulnerability Weakness in a system through procedures, internal controls or implementation that could be exploited or triggered by a threat source.
Worm A computer program used to compromise a computer system by impacting performance. A worm can travel from computer to computer across network connections replicating itself.