Essay Available:
You are here: Home → Essay → Literature & Language
Pages:
2 pages/≈550 words
Sources:
Level:
Chicago
Subject:
Literature & Language
Type:
Essay
Language:
English (U.S.)
Document:
MS Word
Date:
Total cost:
$ 7.2
Topic:
Trusting Devices and Users (Essay Sample)
Instructions:
Content:
Institution:
Trusting Devices and Users
Name:
Supervisor:
Date:
Introduction
Computer systems security are key in any organization whether IT related or business since in this technological era, there is a lot of data and systems that propel these organizations. For professionalism purposes, most IT departments have developed controls of the organization’s systems to curb security breaches but analysis show that internal employees have in most cases been subverting the controls leading to severe consequences such as exposing the company’s data to internet threats. Organizations have lost huge sums of money due to security related fraud and some have closed down for the same reasons. This essay seeks to discuss and address as well as outline control issues that lead to security breach.
Issues with internal controls
As stated in the introduction, most organizations have internal controls but the problem comes to implementing, prioritizing and taking responsibility to maintain the controls. The effectiveness of the controls mostly depends on the competency and dependability of the users of the systems. In most cases, those with access to systems are not supervised and ridiculously the management may not be well conversant with the system processes in the organization. As a result the few individuals who have the access can manipulate the systems for their personal interests. A disgruntled employee may decide to commit crimes without the knowledge of the management.[. Gurpreet Dhillon, Information Security Management: Global Challenges in the New Millennium, (Hershey, Pa: Idea Group, 2001), 26]
Measures
As a security manager I would plan and implement several internal controls as far as security is concerned. First, it is important to not only establish security policies just like academics and practitioners but also formalize rules in form of policies that will help facilitate bureaucratic functions so that misunderstandings and ambiguities can be resolved. Secondly is segregation of duties in the IT department such that each system will have a certain individual in charge e.g segregating revenue systems from record ones. This will prevent a single individual from misappropriating company assets and later conceal by altering the relevant records. Thirdly, establishing an effective internal audit department that will address the weaknesses and problems with the design of the internal controls.
The audit department will prioritize its activities based on a risk analysis first from areas that are potentially more vulnerable to the business of the company. Procedures and policies will be developed to help ensure necessary actions are taken in attempt to address risks associated with achievement of organization’s goals. These activities include proper adequate records and documents, physical control and independent checks on performance. The management will be availed with information of what happens both in front and back offices.[. Detmar Straub, Seymour Goodman and Richard Baskerville, Information Security Policy,Processes, and Practices, (Armonk, N.Y.: M.E. Sharpe, 2008), 271]
According to Dhillon, "If your security policy is not written down, your organization has no security policyâ€. This is a r...
Trusting Devices and Users
Name:
Supervisor:
Date:
Introduction
Computer systems security are key in any organization whether IT related or business since in this technological era, there is a lot of data and systems that propel these organizations. For professionalism purposes, most IT departments have developed controls of the organization’s systems to curb security breaches but analysis show that internal employees have in most cases been subverting the controls leading to severe consequences such as exposing the company’s data to internet threats. Organizations have lost huge sums of money due to security related fraud and some have closed down for the same reasons. This essay seeks to discuss and address as well as outline control issues that lead to security breach.
Issues with internal controls
As stated in the introduction, most organizations have internal controls but the problem comes to implementing, prioritizing and taking responsibility to maintain the controls. The effectiveness of the controls mostly depends on the competency and dependability of the users of the systems. In most cases, those with access to systems are not supervised and ridiculously the management may not be well conversant with the system processes in the organization. As a result the few individuals who have the access can manipulate the systems for their personal interests. A disgruntled employee may decide to commit crimes without the knowledge of the management.[. Gurpreet Dhillon, Information Security Management: Global Challenges in the New Millennium, (Hershey, Pa: Idea Group, 2001), 26]
Measures
As a security manager I would plan and implement several internal controls as far as security is concerned. First, it is important to not only establish security policies just like academics and practitioners but also formalize rules in form of policies that will help facilitate bureaucratic functions so that misunderstandings and ambiguities can be resolved. Secondly is segregation of duties in the IT department such that each system will have a certain individual in charge e.g segregating revenue systems from record ones. This will prevent a single individual from misappropriating company assets and later conceal by altering the relevant records. Thirdly, establishing an effective internal audit department that will address the weaknesses and problems with the design of the internal controls.
The audit department will prioritize its activities based on a risk analysis first from areas that are potentially more vulnerable to the business of the company. Procedures and policies will be developed to help ensure necessary actions are taken in attempt to address risks associated with achievement of organization’s goals. These activities include proper adequate records and documents, physical control and independent checks on performance. The management will be availed with information of what happens both in front and back offices.[. Detmar Straub, Seymour Goodman and Richard Baskerville, Information Security Policy,Processes, and Practices, (Armonk, N.Y.: M.E. Sharpe, 2008), 271]
According to Dhillon, "If your security policy is not written down, your organization has no security policyâ€. This is a r...
Get the Whole Paper!
Not exactly what you need?
Do you need a custom essay? Order right now:
Other Topics:
- Legalization of Light DrugsDescription: The task was to write about legalizing of drugs and what it entails the whole idea of legalizing drugs...2 pages/≈550 words| Chicago | Literature & Language | Essay |
- Refusal of Treatment and "Mature" MinorsDescription: A “mature” minor in United States is believed to be someone below 18 years. This person is believed to have grown emotionally and socially but not to the full expectations...1 page/≈275 words| Chicago | Literature & Language | Essay |
- Financial Globalization Description: A discussion of the effects of financial globalization, especially on the emerging economies....11 pages/≈3025 words| Chicago | Literature & Language | Essay |
