CONTROLLING INFORMATION SYSTEMS

Reasons Errors do occur in computer-based systems Computers have been used for fraudulent purpose Computer systems and their software and data resources have been accidentally or maliciously destroyed

Effective Controls make: To ensure information system security that is the accuracy, integrity, and safety of information systems activities and resources Minimize errors, fraud, and destruction in an information services organization Provide quality assurance for information systems Reduce the potential negative impact

Categories of Control Information system controls Procedural controls Physical facility controls

Information System Controls Ensure proper methods data entry, processing techniques, storage, and information output. Identify incorrect, invalid, or improper input data as it enters the computer system Processing controls are developed to identify errors in arithmetic calculations and logical operations

Procedural Controls: Help an organization maintain the accuracy and integrity of operations and systems Sketch out the duties of systems development, computer operations, and control of data and program files Standard procedures promotes uniformity and minimizes the chances of errors and fraud.

Physical Facility Controls: Protect physical facilities and their contents from loss or destruction. Computer centers are subject to such hazards as accidents, natural disasters, sabotage, vandalism, unauthorized use Protect the hardware, software, and vital data resources of computer using organizations. Formal backup and recovery procedures. Training at least two people in the operation and maintenance of any critical system

INFORMATION SECURITY

Meaning Means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction Incorporate a range of policies, security products, technologies and procedures. A set of procedures and systems needs to be applied to effectively deter access to information.

Role of Hackers: Hackers are the people who break through information security systems. They use their technological skills to break into computer systems and access private information They bypass firewall with the right hardware. This makes loss of vital information, or a virus could be planted and erase all information They gain access to a network if a firewall is shut down for only a minute.

Role of an organization related to information security issues: Must protect their information from loss Protecting valuable asset, such as tangible property, equipment, money, or staff by developing SOPs. Protect against accidental or malicious unauthorized disclosure, modification, or destruction or inability.

Basic Principle of Information Security: Confidentiality Integrity Availability Trust Ethicality

COMPUTER CRIME

DEFINITION Criminal activities which involve the use of information technology To gain an illegal or an unauthorized access to a computer system with intent of damaging, deleting or altering computer data Activities such as electronic frauds, misuse of devices, identity theft and data

Types of Computer Crimes: Hacking: The activity of breaking into a computer system to gain an unauthorized access is known as hacking Phishing: Phishing is the act of attempting to acquire sensitive information like usernames, passwords and credit card details. Computer Viruses: Viruses spread to other computers through network file system, USB drives and CDs

Crimes (Continued…) Cyber-stalking: Torture individuals through Internet by means of chat rooms, on-line forums and social networking websites, obscene emails, abusive phone calls. Identity Theft: Involves stealing money and obtaining other benefits through the use of a false identity. Illegal migration, terrorism and blackmail