According to Hawker (151), IT Security and Control include physical, logical, and administrative measures organizations put in place to ensure data integrity, confidentiality, and availability to authorized users. Information systems make data available to authorized users through validation and verification procedures. In addition, data integrity standards should be enforced when data is being transmitted to protect it from unauthorized access, intentional or accidental modification, or malicious damage.
Comprehensive approaches subject organizations’ information systems to regular security checks in addition to system audits (Peltier 2). Regular system audits ensure that responsible organizational managers are able to track users and establish any potential sources of malicious attacks or unauthorized access. These measures are implemented within and outside organizational boundaries.
Organizations benefit from IT Security and Controls by integrating and aligning them to organizational goals and objectives. Peltier (1) argues that organizations have defined standards, policies, and procedures for implementing security measures and controls to prevent data loss or damage. Information can be sold or mined to enable radical decisions to be made.
Peltier (2) argues that users should make informed decisions on system usage when login sessions commence and should be made aware that they are being monitored.
Peltier (11) asserts that security and control measures, such as firewalls implemented at different levels, risk analysis, encryption of data using different techniques, and e-mail and other communication policies, ensure that organizational information is kept confidential and made available to the intended parties.
Firewalls filter outgoing and incoming data to ensure that no corrupt data or malicious software or computer programs access an organization’s information system.
Organizations impose administrative controls on data, which is a valued asset, at different levels to ensure accountability and responsibility for system users. These may include password verification and access-rights mechanisms. Data integrity is maintained organization-wide.
Logical controls ensure firewall protection for outbound and inbound data. An organization may not be at risk of losing sensitive information to the outside when software is installed to control access to information and access privileges are implemented for system users.
Organizations benefit from the use of physical controls by enforcing policies such as the use of cameras and a clear definition of duties. Thus organizational activities are monitored to avoid potential incidents and threats such as data corruption, espionage, and damage.
Information is a valuable asset to any organization. It should be managed well. Gertz, Guldentops, and Strous (27) assert that the movement of traffic in both directions enables a system performance evaluator to determine the vulnerability of system components and controls.
Such performance measures can also be evaluated against the policies and objectives of an organization. Deviations from established benchmarks determine the degree to which the information security controls are effective (Gertz, Guldentops, and Strous 57).
Other measures include the use of software tools to evaluate performance standards of networked computer systems in addition to conducting tests to evaluate the effectiveness of system security. A performance evaluation plan is developed by an organization, and tests are conducted against benchmarks to identify security loopholes.
Information security and controls should be embedded in an organization’s culture at personal and organizational levels. Tests should be consistent with organizational and management security control goals and objectives (Gallegos, Senft, Manson, and Gonzales 124).
References
Gallegos, F., Senft, S., Manson, D. P., & Gonzales, C. 2004. Technology Control and Audit (2nd ed.). Auerbach Publications.
Gertz, M., Guldentops, E., & Strous, L. 2001. Integrity, Internal Control and Security in Information Systems: Connecting Governance and Technology. Web.
Hawker, A. 2000. Security and Control in Information Systems: A Guide for Business and Accounting. Web.