Sunday, June 7, 2020

Trusting Devices and Users Essay - 550 Words

Introduction

Computer systems security is key in any organization, whether IT-related or business, since in this technological era there is a lot of data and many systems that propel these organizations. For professionalism purposes, most IT departments have developed controls over the organization's systems to curb security breaches, but analysis shows that internal employees have in most cases been subverting the controls, leading to severe consequences such as exposing the company's data to internet threats. Organizations have lost huge sums of money due to security-related fraud, and some have closed down for the same reasons. This essay seeks to discuss, address and outline control issues that lead to security breaches.

Issues with internal controls

As stated in the introduction, most organizations have internal controls, but the problem comes with implementing, prioritizing and taking responsibility for maintaining the controls. The effectiveness of the controls mostly depends on the competency and dependability of the users of the systems. In most cases, those with access to systems are not supervised and, ridiculously, the management may not be well conversant with the system processes in the organization. As a result, the few individuals who have access can manipulate the systems for their personal interests. A disgruntled employee may decide to commit crimes without the knowledge of the management. [Gurpreet Dhillon, Information Security Management: Global Challenges in the New Millennium, (Hershey, Pa: Idea Group, 2001), 26]

Measures

As a security manager I would plan and implement several internal controls as far as security is concerned.

First, it is important not only to establish security policies, just like academics and practitioners, but also to formalize rules in the form of policies that will help facilitate bureaucratic functions so that misunderstandings and ambiguities can be resolved. Secondly, there is segregation of duties in the IT department, such that each system will have a certain individual in charge, e.g., segregating revenue systems from record ones. This will prevent a single individual from misappropriating company assets and later concealing it by altering the relevant records. Thirdly, there is establishing an effective internal audit department that will address the weaknesses and problems with the design of the internal controls.

The audit department will prioritize its activities based on a risk analysis, starting from areas that are potentially more vulnerable to the business of the company. Procedures and policies will be developed to help ensure necessary actions are taken in an attempt to address risks associated with the achievement of the organization's goals. These activities include proper and adequate records and documents, physical control and independent checks on performance. The management will be availed with information on what happens in both front and back offices. [Detmar Straub, Seymour Goodman and Richard Baskerville, Information Security Policy, Processes, and Practices, (Armonk, N.Y.: M.E. Sharpe, 2008), 271] According to Dhillon, "If your security policy is not written down, your organization has no security policy". This is a r...
