Information Systems Security

Information and information systems need to be controlled. A key aspect of control is that an information system should be secure. This is achieved through security controls. Information security ensures that information is only read, heard, changed, broadcast, and otherwise used by people who have the right to do so. Information systems need to be secure if they are to be reliable. Since many businesses are critically reliant on their information systems for key business processes (e.g. websites, production scheduling, transaction processing), security can be seen to be a very important area for management to get right.

What can go wrong?
Data and information in any information system are at risk from:
· Human error: e.g. entering incorrect transactions; failing to spot and correct errors; processing the wrong information; accidentally deleting data.
· Technical errors: e.g. hardware that fails or software that crashes during transaction processing.
· Accidents and disasters: e.g. floods, fire.
· Fraud – deliberate attempts to corrupt or amend previously legitimate data and information.
· Commercial espionage: e.g. competitors deliberately gaining access to commercially sensitive data (e.g. customer details; pricing and profit margin data, designs).
· Malicious damage: where an employee or other person deliberately sets out to destroy or damage data and systems (e.g. hackers, creators of viruses).

Business Benefits Of Good Information Security
Managing information security is often viewed as a headache by management. It is often perceived as adding costs to a business by focusing on “negatives” – i.e what might go wrong. However, there are many potential business benefits from getting information system security right: for example:

If systems are more up-to-date and secure – they are also more likely to be accurate and efficient Security can be used to “differentiate” a business – it helps build confidence with customers and suppliers.

Better information systems can increase the capacity of a business. For example, adding secure online ordering to a website can boost sales enabling customers to buy 24 hours a day, 7 days a week By managing risk more effectively – a business can cut down on losses and potential legal liabilities.

Theft and insecurity are everywhere, Information System Security (ISS) is the protection of an individual, corporate or governmental organization’s investment in cyberspace (Information super high way) against cyber theft, phishing, and malicious attack(s).