INFORMATION SYSTEMS SECURITY AND CONTROL - FACULTY OF COMPUTING AND INFORMATICS BBIT 438/CISY 421/MISC 322/BSIS 316 Management Information Systems


12. INFORMATION SYSTEMS SECURITY AND CONTROL

After completing this chapter, you will be able to:

• Describe why information systems are so vulnerable to destruction, error, abuse and system quality problems
• Compare general controls and application controls for information systems
• Select the factors that must be considered when developing the controls of information systems
• Describe the most important software quality-assurance techniques
• Describe the importance of auditing information systems and safeguarding data quality

The development, implementation and maintenance of information systems constitute a large and growing part of the cost of doing business; protecting these resources is a primary concern. The increasing reliance on information systems, combined with their connection to the "outside world" in the form of the Internet, makes securing corporate information systems increasingly challenging.

Security refers to the policies, procedures, and technical measures used to prevent unauthorized access, alteration, theft, or physical damage to information systems.

Controls consist of all the methods, policies, and organizational procedures that ensure the safety of the organization's assets, the accuracy and reliability of its accounting records, and operational adherence to management standards.

The role of computer controls and security is to protect systems against these and many other mishaps, as well as to help organizations ensure that their information systems operations comply with the law and with the expectations of employees and customers for privacy.

The major goals of information security are:

• To reduce the risk of systems and organizations ceasing operations.
• To maintain information confidentiality.
• To ensure the integrity and reliability of data resources.
• To ensure the availability of data resources.
• To ensure compliance with national security laws and privacy policies and laws.

System Vulnerability and Abuse

Before computer automation, data about individuals or organizations were maintained and secured as paper records dispersed in separate business or organizational units. Information systems concentrate data in computer files that can potentially be accessed by large numbers of people and by groups outside of the organization.

When large amounts of data are stored in electronic form, they are vulnerable to many more kinds of threats than when they exist in manual form. Through communications networks, information systems in different locations can be interconnected. The potential for unauthorized access, abuse, or fraud is not limited to a single location but can occur at any access point in the network.
