CASE 7

COMPUTER SYSTEM SECURITY

1. Human Error
Errors and the omissions are the great threats to the integrity of the data and the computer system. Data entry operators, programmers, system administrators often make errors that can compromise the system’s security. The effect of the various security threats caused by the human errors varies. Employee’s training and awareness training should be given to the employees to avoid such kinds of errors that can lead to the financial losses for a company.

2. Dedicated Computers
In an business or organization, it is advisable to use only one computer to save important and sensitive information. When several computers hold different pieces of important data, the possibility of someone or something gaining access to the information increases.

3. Keep a checklist for the decommissioning process
Keeping a checklist for the decommissioning process will help to make sure you don’t forget a step at any point. This can be especially important when dealing with many, many computers at once, such as when an entire department is shut down — but it’s important the rest of the time, too. Don’t rely on the checklist to do your thinking for you. Consider every detail of the system in question, its uses, and any potential dangers for security that come to mind. Add new measures to the checklist when you come up with a threat you have to deal with that may be relevant again at a later date; not everything on the checklist has to apply in every case for it to be a valuable addition to the checklist.

4. Develop competent internal technical support personnel
Develop competent internal technical support personnel who can help others to conduct basic activities on the computers and who can call outside consultants for troubleshooting when needed. Have one or two internal people who are designated as technical support contacts for other staff members. Instruct staff to report all problems to the internal technical support people. In that way, the internal people are aware of all problems and are more likely to detect oncoming problems as early as possible. They also become better trained at detecting and diagnosing problems.

5. Chat Line and Message Board Warnings.
Never release personal information on chat lines or message boards. This is one way many identity thefts occur.

6. Record all important phone numbers
It is very important to records all important phone numbers for technical support consultants or contacts and this will help to ensure that the staff can find these numbers when needed.

7. Keep all software documentation
Keep all software documentation, such as manuals and guides, stored in a central location where staff can find them. Post a sheet on the wall so they can check documents out and for control to ensure they are returned.

8. Keep the serial numbers of all software packages
Serial numbers of all software packages must be keep in a clearly visible place for ease of reference when calling the software vendor's technical support.

9. Develop a disaster recovery plan.
The plan should address contingencies. It should include procedures to respond to, e.g., if a disk crashes, if the computer quits working, if the network is down, if the building is somehow destroyed, etc.

10. Secure Lines
Voice over Internet Protocol (VoIP) certainly has advantages for a business, but it may not be the best communication in terms of security. The nature of VoIP exposes data transmission and information to third parties. Using a dedicated, secure line guarantees a business a layer of protection that other communication choices compromise.