Monday, April 2, 2012

Chapter 8: Securing Information Systems

As companies become more technologically oriented, they must become more aware of security and control issues surrounding their information systems and protect the resources more stringently than ever before.

Information systems are vulnerable to technical, organizational, and environmental threats from internal and external sources. The weak link in the chain is poor system management. If managers at all levels don’t make security and reliability their number one priority, then the threats to an information system can easily become real.

It’s a difficult balancing act to make wireless systems easy to access and yet difficult to penetrate. Hackers can use war driving techniques to gain access to wireless networks not only in hotels and airports, but also in private businesses and government centers.

Malicious software: viruses, worms, Trojan horses, and spyware are malicious code that spreads through vulnerable Internet-connected systems. If you connect to the Internet with a cable modem or DSL, your home PC is much more vulnerable to hackers than if you connect with a dial-up modem. The only smart thing to do is keep your antivirus software up to date and include firewall protection.

One of the best ways to help prevent problems is to institute controls in your information system the same way you might in any other system: through methods, policies, and procedures.

Two distinct controls that will prevent problems are general controls, which focus on the design, security, and use of computer programs and data files, and application controls, which are concerned with the actual application programs.

Companies and government systems constantly use risk assessment to determine weak links in their physical building security. The same methodology can be used for the information system. Risk assessments can be used to set up cost comparisons for developing and maintaining security against potential loss.

Because of the increasing liability for security breaches, many companies are now establishing a chief security officer to help ensure the company maximizes the protection of information resources. Some access tools are security policies, acceptable use policies, authorization policies, and authorization management systems.

Some other technologies and tools that businesses can use for security and control include firewalls, intrusion detection systems, and encryption.

Bottom Line: While there is no surefire way to protect systems and data from every threat, great and small, businesses need to take a more company-wide approach to security. Every person in the organization, from CEO down, needs to be involved in security.
