
INFORMATION AND SYSTEM SECURITY CONTROL

Introduction
Whether or not one views the spread of information technology infrastructure as a good development,
IT infrastructure is rapidly being adopted in most types of businesses, and to operate a
business successfully today, you need to make security and control a top priority. Moreover, this
development comes with attendant security implications for individuals, organisations and
governments. Most times, security is forgotten amidst the excitement of the development and spread
of IT infrastructure in most organisations. Therefore, just as IT infrastructure has proved to be
most useful to organisations, so too has it proved to be a powerful tool in the hands of those
who want to use it for dishonest reasons. Owing to its usefulness and the attendant convenience
to life and business, IT infrastructure equally magnifies the opportunity for serious damage,
whether due to genuine error or intentional acts of abuse. Security refers to the policies,
procedures, and technical measures used to prevent unauthorized access, alteration, theft, or
physical damage to information systems. Controls are methods, policies, and organizational
procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its
records, and operational adherence to management standards.
Since IT infrastructure always represents a sizeable equipment investment, it should
automatically be a security concern because:
(i) It could be a target of disgruntled people.
(ii) It could be damaged accidentally.
(iii) It can literally be carried away from the owner/location.
(iv) The theft or damage can delay or hinder decision making and business operation.
(v) Software and data alteration or manipulation can also have serious effects on an
organisation and should therefore qualify for security attention.
(vi) The security and even the very existence of an organisation may be in danger if the IT
infrastructure is stolen or made available to enemies.
(vii) The leakage of vital information (financial or secrets) to unauthorized individuals or
institutions can cause embarrassment to an organisation.

Areas of Concentration
While it is not possible to give a detailed description of how an individual organisation should
properly secure its IT infrastructure (hardware and software), the following are the broad areas to
consider:
(i) Administration
(ii) Physical security
(iii) Data security
(iv) Documentation security
(v) Software integrity
(vi) Contingency Plan

Furthermore, it should be noted that the security of IT infrastructure should be a major concern of all
stakeholders; thus, the following steps should be taken:
(i) Management must learn how it can use all available help,
(ii) Security and IT specialists must educate other managers and staff about the need for
security.
(iii) Realistic interim goals for achieving satisfactory IT-wide security must be put in place.
(iv) Managers should join professional organisations and read good professional journals
that will keep them up-to-date on developments in IT security, and
(v) Do not wait till outsiders ask you why you have not done something about security or
why your organisation is exposed.

Electronic Viruses
A computer virus is simply a program designed to attach itself to another computer program.
Some computer viruses damage data by corrupting programs, deleting files, or even reformatting
your entire hard disk. Others replicate or display messages. A virus is intentional, self-replicating
program code that causes normal programs to malfunction, data files to be damaged or deleted,
or even the entire disk to be reformatted.

Known virus categories are:
(i) Common virus
(ii) Program virus
(iii) Boot virus
(iv) Stealth viruses
(v) Polymorphic viruses
(vi) Multiple viruses

Managing Computer Viruses


Implementing a straightforward anti-virus policy will help protect your data from all kinds of loss,
including viruses. In particular, the following elements of protection should be considered:
(i) Prevention - To limit the spread of viruses.
(ii) Detection - To ensure that if a virus does get through the defence, it is detected as
quickly as possible.
(iii) Recovery - To ensure that if any files are lost or damaged, they can be restored as
quickly as possible. Besides, maintain anti-virus policies that can help, e.g. maintain
backups, check software sources, prevent viruses from being copied from other
devices, and so on.
(iv) Try to avoid encryption and password protection.
(v) Gain cooperation of your employees.

Business Value of Security and Control


Many firms are reluctant to spend heavily on security because it is not directly related to sales
revenue. However, protecting information systems is so critical to the operation of the business
that it deserves a second look. Companies have very valuable information assets to protect.
Systems often house confidential information about individuals’ taxes, financial assets, medical
records, and job performance reviews. They also can contain information on corporate operations,
including trade secrets, new product development plans, and marketing strategies. Government
systems may store information on weapons systems, intelligence operations, and military targets.
These information assets have tremendous value, and the repercussions can be devastating if they
are lost, destroyed, or placed in the wrong hands. Systems that are unable to function because of
security breaches, disasters, or malfunctioning technology can permanently impact a company’s
financial health. Some experts believe that 40 percent of all businesses will not recover from
application or data losses that are not repaired within three days (Focus Research, 2010).
Inadequate security and control may result in serious legal liability. Businesses must protect not
only their own information assets but also those of customers, employees, and business partners.
Failure to do so may open the firm to costly litigation for data exposure or theft. An organization
can be held liable for needless risk and harm created if the organization fails to take appropriate
protective action to prevent loss of confidential information, data corruption, or breach of privacy.
A sound security and control framework that protects business information assets can thus produce
a high return on investment. Strong security and control also increase employee productivity and
lower operational costs.

References
Focus Research (2010, October). Devastating downtime: The surprising cost of human error
and unforeseen events.
Laudon, K. C. & Laudon, J. P. (2014). Management information systems: Managing the digital
firm (13th ed.). Pearson Education Limited.
Omolaja, M. A. (2004). Information systems in organisations: A practical approach. Campus
Publication Ltd.
