
Information systems

Security and Control


LECTURE 11
INFORMATION SYSTEMS SECURITY
AND CONTROL
• In this lecture you are introduced to the importance of information security and control.
• Security refers to the policies, procedures, and technical measures used to prevent
unauthorized access, alteration, theft, or physical damage to information systems.
• Information systems are vulnerable to destruction, error, abuse, and systems standards
and quality challenges.
• As students of public administration, you must be aware of measures needed to ensure
the security of e-government and e-commerce platforms and safeguarding data quality
and access.
• An array of techniques to protect information systems elements has been proposed in
the literature.
• It is worth noting upfront that developing countries face severe systems security
challenges and dealing with the possible threats attracts astronomic costs.
Major systems security challenges
• Large amounts of data when stored in electronic format are
vulnerable to many more kinds of threats than when stored in manual
form.
• Advances in ICT continue to magnify security threats targeting
information systems.
• Most common threats emanate from technical, organizational,
environmental and management decisions.
• Due to the interconnectedness of most of the information systems
across territories, information systems vulnerabilities continue to
present unique headaches for governments in developing countries.
Major Systems Security Challenges
Hacking and Computer Viruses
• Rising reports of internet security breaches continue to accompany
information systems development.
• A hacker is a person who gains unauthorized access to a computer
network for profit or criminal mischief or personal pleasure.
• These malicious intruders are equivalent to break-in thieves and can
cause harm to organizations by planting spyware that can execute at set
times to cause damage to the organization’s systems e.g. Trojan horse.
• Hackers promote rogue software programs or computer viruses that can
spread rampantly from system to system.
Major Systems Security Challenges
Disasters
• Computer hardware, programs, data files and other equipment can be destroyed
by floods, fires, power failures etc.
• Reconstructing destroyed systems will cost millions of dollars while some
systems are irreplaceable.
• Once systems are destroyed, organizations that use them for their day-to-day
operations will not be able to operate.
• This elevates the importance of duplicate system pathways, redundancy
systems, or emergency BCM/backup sites.
• Other organizations contract out disaster recovery to third parties to minimize
the impact of disasters.
Major Systems Security Challenges
Computer Errors and Defective Software
• Computers themselves can be instruments of errors that can severely disrupt
or destroy company records or the effective functioning of state institutions. For
example, a software failure in the national defense system may lead to inability
to detect security or missile intrusions into the Zimbabwean territory, and a system
failure may lead to loss of fiscal data required for taxation purposes.
• Government experts must be on the lookout for defective software.
• Erroneous financial data, for example due to a formulaic error in the VAT model,
can lead to loss of millions of dollars.
• Errors in automated systems should be anticipated and inbuilt solutions must
be readily available for activation.
Major Systems Security Challenges
Bugs and Defects
• Program code defects or bugs also present security challenges for public
sector organizations.
• Large programs often required for the public sector cannot be entirely
cleaned of all bugs due to the complexity of the decision-making code built
into these systems.
• These systems contain many decision-making possibilities that designers may
fail to consider or include in the core systems.
• Many of these errors are discovered during testing but not all are eliminated
because complete testing is not possible and eliminating all bugs has potential
diminishing returns because of the longer time involved.
Major Systems Security Challenges
Maintenance Nightmares
• Information systems are traditionally hard to maintain.
• Modifying systems that are already in use is very expensive. Early detection and
correction is less expensive but errors detected after programming, testing, and
conversion lead to astronomic costs for the organization.
• Costs are so high because this leads to organizational change around the structure and
leadership, which affects information requirements and increases software complexity.
• In the process of change, faulty system analysis, especially information requirements
analysis, may create chronic problems for public sector organizations, which are prone
to constant changes in leadership and management.
• Literature suggests that maintenance challenges present difficult systems security
challenges.
Major Systems Security Challenges
Bad data quality
• Poor data quality presents a serious system security challenge.
• Bad data can lead to bad decisions, product quality failures and even
financial loss.
• Poor data arises from errors during data input or faulty information
system and database design.
• Organizations need to put in place adequate data quality controls to
reduce data quality problems.
General System Control Requirements
• These are overall controls that govern the organization’s ICT
infrastructure.
• They are meant to minimize errors, disasters, interruptions, computer
crime, and breaches of security (Laudon and Laudon, 2002).
• Controls should not be treated as an afterthought, but as a critical
priority before implementation of information systems.
• NB: Research on the following controls:
Implementation controls; software controls; physical hardware
controls; data security controls; and computer operations controls
