Why is Information Security Important?
By Gershom Tanga FZICA, ACCA, CSA, CISM, TL
The Accountant
Posted on the internet
The market loses confidence in your organisation, your share price takes a dive, and your directors are found to be personally responsible for inadequate risk management practices. Sound scary? It is. An extreme example? Perhaps. But even a small-scale security breach could leave your business without access to its critical IT systems for hours or days.

But why is it important to secure information? And how should its security be managed? To start thinking about these questions, consider [...] threats to information systems from criminals and terrorists are increasing. We need to identify information as an area of operation that needs to be protected as part of systems of internal control, [...] This is especially important in the increasingly interconnected business environment, where information is now exposed to a growing number and wider variety of threats and vulnerabilities. Causes of damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and increasingly sophisticated.

[...] its information! Information is the “basis of competitive advantage”.

The following are the steps that must be undertaken in ensuring that all our information assets and mobile devices are secure.

Procedures and Policies

The most critical part in protecting information assets and privacy is laying the foundation for effective information security management. Procedures and policies must be constantly updated so that we are in conformity with the laws and regulations, and reflect the business objectives. All employees must be required to sign the policies as a sign of commitment of adherence.

[...] authentication and it should be easy for the user to remember, but difficult for an intruder to determine. Passwords should be unique to an individual and should never be shared, or written anywhere especially near the working station. In order to tighten the security of our information assets and devices, we are required to be revising the password complexity rules periodically. Passwords for computer (desktop, laptop etc.) and application accounts should be a minimum length of characters and a mixture of alphanumeric upper/lowercase letters with numbers or special characters.

Token Devices or One-Time Passwords

All users who access the company network using routers or modem must be issued with user assigned microprocessor controlled cards or USB keys. The smart card/key is set to generate a time dependent session password. This session password carries user verification and authentication before log in is accepted. This ensures that only authorised users are able to log in and transact on the company network/systems. Always ensure that tokens are always secured.

[...] (laptop, cellphone, flash disk or external drives etc.) there is need to implement easy to use proprietary encryption tools/programmes for Windows that can encrypt your entire drive as well as help protect against unauthorised changes to your system/machine. In simple words all the information on the mobile devices must be encrypted (locked) and can only be decrypted (unlocked) with key, which will only be known to the owner. This implies that if the device is stolen, then the information will be encrypted (locked) and the information will remain secure.

Company employees are expected to exercise due care in their work environments with all the information assets and especially in their [...]. Any loss or theft of a mobile device must be treated as a security breach and reported immediately in

Authorisation of Access Rights

The authorisation process used for access control requires that the system be able to identify and differentiate among users. Access rules specify who can access what. Access should be documented on a need-to-know and need-to-do basis by type of access. Extra care needs to be undertaken when given access to write, create or delete. The least dangerous type of access is view only, as long as the information being accessed is not sensitive or confidential. Access to system logs should be highly restricted or controlled. Those with access should have access for review purposes only. In addition, this is an area that needs periodic auditing by the data owners and internal auditors.

Hard copy reports should be secured under lock and key. In addition, all drafts or extra copies should be shredded using a shredding machine.

It is worth noting that print rooms should be highly controlled environments, especially near or around the printers. Lack of controls or the existence of weak controls in the print rooms can expose confidential company information to unauthorised individuals and may have devastating effect on the company.

In conclusion, Information Security is not an IT problem; it is a business issue. Obviously compliance with legal and regulatory requirements is important. It provides a very good reason for reviewing your information security practices, but it should not in itself be the sole or even the main driver. If a business wishes to survive, let alone prosper, it must grasp the importance of information security and adhere to appropriate measures and processes.

The Author is Manager Information Systems, Mopani Copper Mines Plc, Kitwe.
Email address: Gershom, Tinga@mopani.com.cm
Office Line: +260 212 247 006