LECTURE 11 INFORMATION SYSTEMS SECURITY AND CONTROL • In this lecture you are introduced to the importance of information security and control. • Security refers to the policies, procedures, and technical measures, used to prevent unauthorized access, alteration, theft, or physical damage to information systems. • Information systems are vulnerable to destruction, error, abuse, and systems standards and quality challenges • As students of public administration, you must be aware of measures needed to ensure the security of e-government and e-commerce platforms and safeguarding data quality and access. • An array of techniques to protect information systems elements have been proposed in literature. • It is worth noting upfront that developing countries face severe systems security challenges and dealing with the possible threats attracts astronomic costs. Major systems security challenges • Large amounts of data when stored in electronic format are vulnerable to many more kinds of threats than when stored in manual form. • Advances in ICT continue to magnify security threats targeting information systems. • Most common threats emanate from technical, organizational, environmental and management decisions. • Due to the interconnectedness of most of the information systems across territories, information systems vulnerabilities continue to present unique headaches for governments in developing countries. Major Systems Security Challenges Hacking and Computer Viruses • Rising reports of internet security breaches continue to accompany information systems development • A hacker is a person who gains unauthorized access to a computer network for profit or criminal mischief or personal pleasure. • These malicious intruders are equivalent to break-in thieves and can cause harm to organizations by planting spyware that can execute at set times to cause damage to the organization’s systems e.g. Trojan horse. • Hackers promote rogue software programs or computer viruses that can spread rampantly from system to system. Major Systems Security Challenges Disasters • Computer hardware, programs, data files and other equipment can be destroyed by floods, fires, power failures etc. • Reconstructing destroyed systems will cost millions of dollars while some systems are irreplaceable. • Once systems are destroyed, organizations that use them for their day to day operations will not be ale to operate. • This elevates the importance of duplicate system pathways or redundancy systems or emergency BCM/ backup sites. • Other organizations contract out disaster recovery to third parties to minimize the impact of disasters. Major Systems Security Challenges Computer Errors and Defective Software • Computers themselves can be instruments of errors that can severely disrupt or destroy company records or the effective functioning of state institutions for example, a software failure in the national defense system may lead to inability to detect security or missile intrusions into the Zimbabwean territory, a system failure may lead to loss of fiscal data required for taxation purposes. • Government experts must be on the lookout for defective software • Erroneous financial data for example due to a formulaic error in the VAT model can lead to loss of millions of dollars. • Errors in automated systems should be anticipated and inbuilt solutions must be readily available for activation. Major Systems Security Challenges Bugs and Defects • Program code defects or bugs also present security challenges for public sector organizations • Large programs often required for the public sector can not be entirely cleaned up of all bugs due to the complexity of decision making codes inbuilt into these systems. • These systems contain many decision making possibilities that designers may fail to consider or include into the core systems. • Many of these errors are discovered during testing but not all are eliminated because complete testing is not possible and eliminating all bugs has potential diminishing returns because of the longer time involved. Major Systems Security Challenges Maintenance Nightmares • Information systems are traditionally hard to maintain. • Modifying systems that are already in use is very expensive. Early detection and correction is less expensive but errors detected after programming, testing, and conversion lead to astronomic costs for the organization. • Costs are so high because this leads to organizational change around the structure and leadership which affect information requirements and increase software complexity • In the process of change, faulty system analysis especially information requirements analysis, may create chronic problems for public sector organizations which are prone to constant changes in leadership and management. • Literature suggests that maintenance challenges present difficult systems security challenges. Major Systems Security Challenges Bad data quality • Poor data quality presents a serious system security challenge • Bad data can lead to bad decisions, product quality failures and even financial loss. • Poor data arises from errors during data input or faulty information system and database design. • Organizations need to put in place adequate data quality controls to reduce data quality problems General System Control Requirements • These are overall controls that govern the organization’s ICT infrastructure. • They are meant to minimize errors, disasters, interruptions, computer crime, and breaches of security (Laudon and Laudon, 2002). • Controls should not be treated as an afterthought, but as a critical priority before implementation of information systems. • NB: Research on the following controls: Implementation controls; software controls; physical hardware controls; data security controls; and computer operations controls
Rural Women's Right To Maternal Health Care Before, During and After Delivery - A Focus On Women in Romsley Resettlement Area of Rusape District Manicaland Zimbabwe