Why is Information Security Important?
By Gershom Tanga FZICA, ACCA, CSA, CISM, TL MAGN
The Accountant

[...] posted on the internet. The market loses confidence in your organisation, your share price takes a dive, and your directors are found to be personally responsible for inadequate risk management practices. Sound scary? It is. An extreme example? Perhaps. But even a small scale security breach could leave our business without access to its critical IT systems for hours or days.

But why is it important to secure information? And how should its security be managed? To start thinking about these questions, consider [...] threats to information systems from criminals and terrorists are increasing. We need to identify information as an area of operation that needs to be protected as part of systems of internal control. [...] This is especially important in the increasingly interconnected business environment, where information is now exposed to a growing number and wider variety of threats and vulnerabilities. Causes of damage such as malicious code, computer hacking, and denial of service attacks have become more common, more ambitious, and increasingly sophisticated.

[...] its information! Information is the "basis of competitive advantage".

The following are the steps that must be undertaken in ensuring that all our information assets and mobile devices are secure.

Procedures and Policies

The most critical part in protecting information assets and privacy is laying the foundation for effective information security management. Procedures and policies must be constantly updated so that we are in conformity with the laws and regulations, and reflect the business objectives. All employees must be required to sign the policies as a sign of commitment of adherence.

[...] authentication and it should be easy for the user to remember, but difficult for an intruder to determine. Passwords should be unique to an individual and should never be shared, or written anywhere, especially near the working station. In order to tighten the security of our information assets and devices, we are required to be revising the password complexity rules periodically. Passwords for computer (desktop, laptop etc.) and application accounts should be a minimum length of characters and a mixture of alpha-numeric upper/lowercase letters with numbers or special characters.

Token Devices or One-Time Passwords

All users who access the company network using routers or modem must be issued with user assigned microprocessor controlled cards or USB keys. The smart card/key is set to generate a time dependent session password. This session password carries user verification and authentication before log in is accepted. This ensures that only authorised users are able to log in and transact on the company network/systems. Always ensure that tokens are always secured.

[...] (laptop, cellphone, flash disk or external drives etc.) there is need to implement [...] easy to use proprietary encryption tools/programmes for Windows that can encrypt your entire drive as well as help protect against unauthorised changes to your system/machine. In simple words, all the information on the mobile devices must be encrypted (locked) and can only be decrypted (unlocked) with a key, which will only be known to the owner. This implies that if the device is stolen, then the information will be encrypted (locked) and the information will remain secure.

Company employees are expected to exercise due care in their work environments with all the information assets and especially in their [...]. Any loss or theft of a mobile device must be treated as a security breach and reported immediately in [...]

Authorisation of Access Rights

The authorisation process used for access control requires that the system be able to identify and differentiate among users. Access rules specify who can access what. Access should be documented on a need-to-know and need-to-do basis by type of access. Extra care needs to be undertaken when given access to write, create or delete. The least dangerous type of access is view only, as long as the information being accessed is not sensitive or confidential. Access to system logs should be highly restricted or controlled. Those with access should have access for review purposes only. In addition, this is an area that needs periodic auditing by the data owners and internal auditors.

Hard copy reports should be secured under lock and key. In addition, all drafts or extra copies should be shredded using a shredding machine. It is worth noting that print rooms should be highly controlled environments, especially near or around the printers. Lack of controls or the existence of weak controls in the print rooms can expose confidential company information to unauthorised individuals and may have devastating effect on the company.

In conclusion, Information Security is not an 'IT problem'; it is a business issue. Obviously compliance with legal and regulatory requirements is important. It provides a very good reason for reviewing your information security practices, but it should not in itself be the sole or even the main driver. If a business wishes to survive, let alone prosper, it must grasp the importance of information security and adhere to appropriate measures and processes.

The Author is Manager Information Systems, Mopani Copper Mines Plc, Kitwe.
Email address: Gershom, Tinga@mopani.com.cm
Office Line: +260 212 247 006
