Information and System Security Control
Introduction
Whether or not one views the spread of information technology infrastructure as a good development,
IT infrastructure is rapidly being adopted in most types of businesses, and to operate a
business successfully today, you need to make security and control a top priority. Moreover, the
development comes with attendant security implications for individuals, organisations and
governments. Most times, security is forgotten amidst the excitement of the development and spread
of IT infrastructure in most organisations. Therefore, just as IT infrastructure has proved to be
most useful to organisations, so too has it proved to be a powerful tool in the hands of those
that want to use it for dishonest reasons. Owing to the usefulness of IT infrastructure and its
attendant convenience to life and business, it equally magnifies the opportunity for serious damage,
whether due to genuine error or intentional acts of abuse. Security refers to the policies,
procedures, and technical measures used to prevent unauthorized access, alteration, theft, or
physical damage to information systems. Controls are methods, policies, and organizational
procedures that ensure the safety of the organization’s assets, the accuracy and reliability of its
records, and operational adherence to management standards.
Since IT infrastructures always represent sizeable equipment investments, they should
automatically be of security concern because:
(i) They could be targets of disgruntled people.
(ii) They could be damaged accidentally.
(iii) They can literally be carried away from the owner/location.
(iv) The theft or damage can delay or hinder decision making and business operation.
(v) Software and data alteration or manipulation can also have serious effects on an
organisation and should therefore qualify for security attention.
(vi) The security and even the very existence of an organisation may be in danger if the IT
infrastructure is stolen or made available to enemies.
(vii) The leakage of vital information (financial or secrets) to unauthorized individuals or
institutions causes embarrassment to an organisation.
Areas of Concentration
While it is not possible to give a detailed description of how an individual organisation should
properly secure its IT infrastructure (hardware and software), the following are the broad areas to
consider:
(i) Administration
(ii) Physical security
(iii) Data security
(iv) Documentation security
(v) Software integrity
(vi) Contingency Plan
Furthermore, it should be noted that the security of IT infrastructure should be a major concern of
all stakeholders; thus, the following steps should be taken:
(i) Management must learn how it can use all available help.
(ii) Security and IT specialists must educate other managers and staff about the need for
security.
(iii) Realistic interim goals for achieving satisfactory IT-wide security must be put in place.
(iv) Managers should join professional organisations and read good professional journals
that will keep them up-to-date on developments in IT security, and
(v) Do not wait till outsiders ask you why you have not done something about security or
why your organisation is exposed.
Electronic Viruses
A computer virus is simply a program designed to attach itself to another computer program.
Some computer viruses damage data by corrupting programs, deleting files, or even reformatting
your entire hard disk. Others replicate or display messages. It is intentional, self-replicating
program code that causes normal programs to malfunction, damages data files, deletes
files, or even reformats the entire disk.
(i) Common virus
(ii) Program virus
(iii) Boot virus
(iv) Stealth viruses
(v) Polymorphic Viruses
(vi) Multiple viruses
security breaches, disasters, or malfunctioning technology can permanently impact a company’s
financial health. Some experts believe that 40 percent of all businesses will not recover from
application or data losses that are not repaired within three days (Focus Research, 2010).
Inadequate security and control may result in serious legal liability. Businesses must protect not
only their own information assets but also those of customers, employees, and business partners.
Failure to do so may open the firm to costly litigation for data exposure or theft. An organization
can be held liable for needless risk and harm created if the organization fails to take appropriate
protective action to prevent loss of confidential information, data corruption, or breach of privacy.
A sound security and control framework that protects business information assets can thus produce
a high return on investment. Strong security and control also increase employee productivity and
lower operational costs.
References
Focus Research (October 2010). Devastating downtime: The surprising cost of human error
and unforeseen events.
Laudon, K. C. & Laudon, J. P. (2014). Management information systems: Managing the digital
firm, 13th Edition, Pearson Education Limited.
Omolaja, M. A. (2004). Information systems in organisations: A practical approach, Campus
Publication Ltd.