Because the Internet is designed to be an open system, it makes internal corporate systems more vulnerable to actions from outsiders, and digital data is even more vulnerable to destruction, misuse, error, fraud, and hardware or software failures. Computer hackers can unleash denial-of-service (DoS) attacks or penetrate corporate networks, causing serious system disruption. Wi-Fi networks can also be easily hacked by intruders. Computer viruses and worms can also disable networks and websites. The spread-out nature of cloud computing makes it difficult to track unauthorized activity or to apply controls from afar.
The business value of security and control is huge. Lack of good security and control can cause major problems down the line for any business or organization and can lead to loss of sales and productivity. Information assets, such as confidential employee records, trade secrets, or business plans, lose a lot of their value if they are revealed to company outsiders. New laws such as HIPAA, the Sarbanes-Oxley Act, and the Gramm-Leach-Bliley Act have made it mandatory for a company to have very strict electronics management policies.
For a company to have solid security and control, it must establish a good set of both general and application controls for its information systems (IS). Risk assessment evaluates information assets, identifies control points and control weaknesses, and determines the most cost-effective set of controls. Organizations also have to develop a coherent corporate security policy and plans for continuing business operations in the event of a disaster or a major disruption to daily business operations. The security policy should include policies for acceptable use and identity management, as well as a comprehensive, systematic MIS auditing tool.