The place of computer security in the business

TEXT 1B.

Computer security is often seen as, and introduced as, a separate measure. Frequently the approach to computer security bears little relationship to the approach to security that may exist elsewhere in the organization.

Security should be applied as a consistent company policy which includes all business functions, as well as functions carried out on computer systems. Computer security should be an integral part of any organization’s approach to security.

Computer systems small and large, generally provide support to a business function which will have its own aims and strategy. Responsibility for the business functions lies with senior executives (usually), and the task of assuring the security and credibility of the business function is usually included in this responsibility. As business functions become increasingly dependent on small computer systems, the responsibility for their security should be recognized.

Frequently security is managed from too far down in the organization. The authority needed to induce a positive security commitment is therefore lacking. Security officers frequently do not have the authority to develop an effective policy, let alone implement and control it.

Security should be managed from a senior position in the organization, so that the security approach adopted can be evenly applied across the organization. Computer security can then be managed in this organizational context.

If you are not satisfied with your company’s general approach, seek first to introduce a security culture to provide the necessary context for computer security. This means devising and mounting a specific program for ensuring that the people concerned are aware of, and observe these new responsibilities.

Personnel faced with new security related tasks which at first sight seem more trouble than they are worth, will respond more positively if the new responsibilities are fully explained in terms of the organization’s business and security objectives. In effect, the end-user must be sold the benefits of security.

TEXT 1C.

ACCURACY OF SOFTWARE AND DATA.

It has long been recognized that the accuracy of software and data is critical in almost all phases of data processing. In most organizations information produced on large mainframe computer systems and the software used to handle such information has been subjected to extensive critical review and error-checking, both during system development and during normal processing.

This has enabled confidence to be placed in the quality of resulting information and other “products” of computer systems.

Smaller computers have made powerful computational and analytical tools available to users throughout many organizations. Increasingly important decisions are being made based on information processed by such systems. Unfortunately, there may be a reluctance to apply the same degree of care (and cost) in integrity assurance as is routinely applied for larger systems. Nevertheless, the formal and official appearance of printed materials which can be produced easily by even microcomputers can result in unwarranted confidence in the substance of such materials.

Дата добавления: 2015-03-29; Просмотров: 467; Нарушение авторских прав?; Мы поможем в написании вашей работы!