Opportunities
Natural disasters such as fires and earthquakes can strike at any time. A spilled cup of coffee can also do some damage! The moment disaster strikes isn't the best time to figure out how to recover your systems. Smart organizations create a disaster recovery plan ahead of time and/or use firms specializing in disaster recovery.
Management Challenges
There's a reason why we explain all those methods and procedures and processes in future chapters for building good, solid information systems. They ensure system quality so that the product produced by the system is as good as it can be.
Designing Systems that are Neither Over-controlled nor Under-controlled
You should be realistic about security and system controls. If you institute five layers of entry into your Web site, people probably won't use it that much. They'll either ignore it or find a way around your controls. You have to analyze the system and determine those areas that should receive more security and controls and those that probably can use less. You probably don't want to go to the expense of checking absolutely every transaction that is entered into the system, so you check a sampling of the data. Just make sure the sampling is large enough to detect any exceptions.
Implementing an Effective Security Policy
Does your company devote enough resources to information systems security? If your company is like the majority, sadly the answer to that question will be no.
Solution Guidelines
While there is no surefire way to protect systems and data from every threat, great and small, businesses need to take a more firm-wide approach to security. Every person in the organization, from the CEO down, needs to be involved in security. Organizations must control access through firewalls, transaction logs, access security, and output controls. Software programs that track "footprints" of people accessing the system can be a good way to detect intruders and to establish what they did, what files they accessed, and how they entered your system initially.
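An added example (not part of the original text) of the "footprint" tracking described above: it rebuilds from a transaction log how each account first entered the system, what it did and which files it touched. The log format, the account names and the trusted-network prefix are assumptions constructed for illustration.

```python
# Constructed sample log (assumed format): time | account | source | action | object
SAMPLE_LOG = """\
2024-03-01T08:58:10 | asmith | 10.0.4.17 | LOGIN_OK | vpn-gateway
2024-03-01T09:02:44 | asmith | 10.0.4.17 | READ | /finance/q1-forecast.xlsx
2024-03-01T23:41:02 | jdoe | 203.0.113.50 | LOGIN_FAIL | webmail
2024-03-01T23:41:09 | jdoe | 203.0.113.50 | LOGIN_FAIL | webmail
2024-03-01T23:41:15 | jdoe | 203.0.113.50 | LOGIN_OK | webmail
2024-03-01T23:43:30 | jdoe | 203.0.113.50 | READ | /hr/payroll.csv
2024-03-01T23:44:05 | jdoe | 203.0.113.50 | DELETE | /hr/payroll.csv
"""

TRUSTED_PREFIX = "10.0."  # assumption: addresses on the internal network


def build_footprints(log_text):
    """Return {account: footprint} reconstructed from the log, in log order."""
    footprints = {}
    for line in log_text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) != 5:
            continue  # skip blank or malformed lines rather than guessing
        when, account, source, action, obj = parts
        fp = footprints.setdefault(account, {
            "entry": None, "failed_before_entry": 0, "actions": [], "files": []})
        if action == "LOGIN_FAIL":
            if fp["entry"] is None:
                fp["failed_before_entry"] += 1
        elif action == "LOGIN_OK":
            if fp["entry"] is None:  # how the account entered initially
                fp["entry"] = {"time": when, "source": source, "via": obj}
        else:
            fp["actions"].append((when, action, obj))  # what was done
            if obj not in fp["files"]:
                fp["files"].append(obj)  # which files were accessed
    return footprints


def suspicious_accounts(footprints):
    """Flag accounts that entered from outside the trusted network or after failed logins."""
    flagged = []
    for account, fp in footprints.items():
        entry = fp["entry"]
        if entry is None:
            continue  # never logged in successfully, so there is no trail to review
        outside = not entry["source"].startswith(TRUSTED_PREFIX)
        if outside or fp["failed_before_entry"] > 0:
            flagged.append(account)
    return flagged
```

Calling `suspicious_accounts(build_footprints(SAMPLE_LOG))` on the constructed log flags only `jdoe`, whose footprint shows two failed logins, an entry from an outside address, and a read followed by a delete of the same file.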
A few questions an organization can ask to beef up security are:
· What firm resources are the most critical to control and secure?
· What level of system downtime is acceptable?
· What is the minimum acceptable level of performance for software and systems?
· How much is the business willing to invest to protect its information assets?
NOOPUR GARG
BBA/4536/07