Certain employees will always be placed in positions of trust, for example senior systems analysts, database administrators and information systems security managers.
Such employees can, therefore, compromise the security of information systems if they so wish.
Required:
(i) Explain three control measures that an organization should institute over these employees and guarantee the security of the information systems.
(ii) Every individual in an organization has some opportunity to commit computer fraud. The potential for which they can do so depends on a number of factors. Examine three of these factors.

  

Answers


gregory
(i) These employees perform the following jobs.
Senior systems analysts – they are the heads of the system analysts. These employees analyze the existing system with a view to its computerization. They design systems and oversee their implementation and review. They are actively involved in the upgrading of the system.
Database administrators – they ensure that the data in the database meets the information needs of the organization and are involved in retrieving data and structuring reports which are appropriate to the organization.
Systems security managers – they are involved in ensuring that the security of the system is not compromised. They ensure that no outsiders or unauthorized persons access the information.
From the above information, it can be seen that these employees access valuable information, and if they are compromised then the firm can suffer. The following measures are put in place to curb this.
1. Administrative controls – they include:
(a) Policies – policies outlining and requiring each employee to do certain things and not others. Things not authorized to be done are threats to security.
(b) Administrative procedures – put in place by an organization to ensure that users only do what they are authorized to.
(c) Legal provision – this serves as a security control by laying down legal penalties which may be suffered in case of breaches in security.
(d) Ethics – a strict code of conduct by the organization to be followed by the employees can boost security.
2. Logical security controls – these are measures incorporated within the system to provide for security against the employee. These include the need for passwords to access any information.
3. Physical controls – these include lockups. The offices should be locked at the end of the day and no employee should access another's office. They also encompass employing security guards to prevent unauthorized access.
4. Rotation and Compulsory Leave – an employee should not be allowed to stay in one place for long but should be rotated. Due to this, threats of fraud are discovered in advance. Compulsory leave should be given and work reviewed in case of any perceived threat to security.
5. Good Remuneration – the employees should be paid well to guard against compromising.
(ii) Every individual in an organization can commit fraud. The potential of an employee committing fraud depends on the following:
1. Security – inadequate security and loopholes in the security system can be a potential motivator to an individual to commit fraud. An employee who knows that he can commit fraud without being found out would be greatly motivated.
2. Remuneration – individuals who are poorly paid are highly susceptible to committing fraud to make ends meet.
3. Company policies – if employees are aware that the organization's policies are not stringent then they are likely to be involved in fraud. Absence of policies like rotation of employees or compulsory leave will be a driving factor as chances of being caught are low.
4. Ethics – the code of conduct of a company also plays a major role. In organizations where there is laxity, the chances are high that employees will engage in fraud.
5. Legal provision – where no legal sanctions are imposed on the employees if found guilty of fraud, they could engage in fraudulent activities.
gregorymasila answered the question on November 24, 2017 at 04:46

