‘It is one thing to have ownership of your own computer systems but another to accept the responsibilities of ownership such as data integrity, security and overall risk management.’ This statement was made by a member of the board of a leading company. Explain what the statement means and indicate how the company can ensure that its ‘responsibilities of ownership’ are properly carried out.


Privacy issues associated with sensitive data held on a computer system are an obviously important consideration. The statement highlights three important aspects.

1.) Data integrity is the term used to describe the accuracy and correctness of data during and after processing. Systems controls are designed into a system as procedures to maintain the integrity of the data and are incorporated at all stages in the system’s operation. Typically systems controls perform the following functions:-
o Recognizing when problems occur
o Finding and eliminating errors
o Ensuring that all data is processed
o Maintaining the correct timing and sequencing of input and output processing
o Restarting the system efficiently when a breakdown occurs or when data files have been corrupted
o Providing a record of all processing operations
2.) The security of information relates to all aspects of protecting information from unauthorized access, sabotage, accidental loss or damage, fraud and physical damage.
Systems security seeks to provide protection against the following:-
o The security risk of unauthorized users gaining access to the system
o The accidental loss of data stored on computer files, for example due to operator error or updating the file
o The deliberate sabotaging of the system
o The risk of physical damage to computer files caused by dirt, water, fire damage and explosion

3.) Managing the risk associated with computer security essentially involves reducing the risk profile of the company to the lowest feasible level. Risk management involves three stages:-
o Risk assessment – arises from a full examination of all security factors. It should be noted that risk is specific to an organization at a point in time and will change as applications are changed, new hardware introduced etc.
o Risk minimization – is the action the organization takes when it has identified its exposure to risk and is the most critical aspect of the exercise. The process is often termed computer security and will cover a multitude of aspects such as the provision of standby facilities and disaster recovery procedures.
o Risk transference – recognizes that it is impossible to eliminate all risk however effective the security is. The uncovered elements of risk can be transferred through the medium of insurance to an insurer of data.
