‘It is one thing to have ownership of your own computer systems but another to accept the responsibilities of ownership such as data integrity, security...

      

‘It is one thing to have ownership of your own computer systems but another to accept the
responsibilities of ownership such as data integrity, security and overall risk management ‘.
This statement was made by a member of the board of a leading company. Explain what the
statement means and indicate how the company can ensure that it‘s responsibilities of
ownership ‘are properly carried out

  

Answers


gregory
Privacy issues associated with sensitive data held on a computer system is an obviously
important consideration. The statement highlights three important aspects.
1.) Data integrity is the term used to describe the accuracy and correctness of data
during and after processing. Systems controls are designed into a system as procedures
to maintain the integrity of the data and are incorporated at all stages in the system's
operation. Typically systems controls perform the following functions:-
o Recognizing when problems occur
o Finding and eliminating errors
o Ensuring that all data is processed
o Maintaining the correct timing and
o Sequencing of input and output processing
o Restarting the system efficiently when a breakdown occurs or when data files
have been corrupted providing a record of all processing operations
2.) The security of information relates to all aspects of protecting information from
unauthorized access, sabotage, accidental loss or damage, fraud and physical damage.
Systems security seeks to provide protection against the following:-
o The security risk of unauthorized users gaining access to the system
o The accidental loss of data stored on computer files-for example due to
operator error or updating the file.
o The deliberate sabotaging of the system
o The risk of physical damage to computer files caused by dirt, water, fire
damage and explosion
3.) Managing the risk associated with computer security essentially involves reducing the
risk profile of the company to the lowest feasible level. Risk management involves three
stages:-
o Risk assessment - arises from a full examination of all security factors. It should
be noted that risk is a specific to an organization at a point of time and will
change as applications are changed, new hardware introduced etc.
o Risk minimization - is the action the organization takes when it has identified its
exposure to risk and is the most critical aspect of the exercise. The process is
often termed computer security and will cover a multitude of aspects such as
the provision of standby facilities and disaster recovery procedures.
o Risk Transference - recognizes that it is impossible to eliminate all risk however
effective the security is. The uncovered elements of risk can be transferred
through the medium of insurance to an insurer of data.
gregorymasila answered the question on February 15, 2018 at 16:42


Next: A software house produces a software package for the insurance industry. Purchases of the package have formed a very active user group which has lobbied...
Previous: In the context of computer-based transaction processing systems: - a. Describe their purpose; b. Describe two different examples of such systems in differing industries or services; c. What...

View More Computer Science Questions and Answers | Return to Questions Index


Exams With Marking Schemes

Related Questions