The success of each system is measured by the basis of its internal and external security.
The system analyst uses many tactics to prevent the data from damage or loss which include back up facility, the facility of data recovery in the case of system crash and using password and encryption for preventing the unauthorised and illegal access to information.
Now-a-days, the newspapers, t.v., magazines all are full of the information regarding the illegal access to the computer, viral attack, the cheating done using the computer, and other events.
It is the task of an analyst to design a security system which can prevent loss, mistakes and unauthorised access to data. The level of security in any system depends upon the movement of data, the reliability of the user and the complexity of the system.
In system security the tasks related to prevention of sudden losses occuring due to the pre-set fears are performed by the technical development of hardware and operating system and working process. In contrast to it the work related to the appearance and
change, prevention from destruction of data are also performed by system security. System integrity means the proper functioning of hardware and program in the system, necessary physical security and security from latent fears like external apprehension
and fear.
Privacy gives this right to the user and organisation whether they want to share the knowledge or information with each-other.
Errors and omissions are of several types. Some cast astonishing but short time effect, such as in telebanking and banking provided by netbanking, often money is transferred to a wrong person, however in a very short period this error is rectified.
A dishonest programmer can byepass his program control and authorise his transaction.
Fire and other man made disasters can affect the system by hindering system power, air conditions and essential power supply.
Natural calamities include flood, storm, strike of lightning and other disasters. There are no ways of preventing such occurences, but there are some ways of protecting the computer system.
Personal computer is considered to be one step behind with regard to accounting control.
Risk analysis is not a successful plan. It only intimates about the users' exposures, their related cost and control measures. A special risk analysis matrix helps determine the steps taken by the designer and how soon these steps should be taken.
After evaluating the risks of system security, the next task is to select measures that protect from these external and internal dangers and fears. These measures, generally, are divided into four parts, which are Identification, Access control, Audit controls and System integrity.
Password is very much in use. It is used to identify the persons and give them authority or permission.
The security is lacking mostly at the time of installing the system. Many users by copying the difficult password or by giving their password to their friends provides them probable unauthorised access.
Some others, such as by voice and fingerprint, persons can be identified. Fingerprints are generally used in law enforcement. This is not good for MIS system. On the other hand, Voice print is now in use to identify the authorised user. In voice print system the persons are identified by comparing their voice with their earlier recorded voice.
Many measures have been taken to access computer data. One measure is the use of encoded card system with log keeping capacity.
Encryption is an effective method of providing security to data transmission on the telephone lines.
Most of today's encryption is based on National Bureau of Standards Encryption Alogarithm which is known as Data Encryption Standard.
Computer control can be created for personnel embezzlement and forgery. For ex-ample the use of program should be authorised and documented. Other programs and database files should be stored in the library and accessed when required.
Audit Control protects the system from the violation of external security and internal forgery or embezzlement.
The most vulnerable point of the system is M.I.S. department. The programmers can pirate, modify and even sell the softwares for their personal benefits.
System integrity is the third step of security which concentrates on the function of operating procedures, hardware, database and supportive software and physical security.
Program error is the most expensive software loss. It is possible to eliminate such mistakes with the proper testing routines. Parallel implementation should be imple-mented wherever possible.
The lost or destroyed database is generally, retrieved by rollforward or rollback process. In rollforward processes, to create the current version of database, the first acceptable copy of the database is to be updated with the change.
Comments
Post a Comment