Security Procedures
The best physical and technical methods are of little value if your employees do not use them properly. More importantly, you can use procedural methods to conduct your overall business operations. At the same time, you can minimize the degree to which security measures interfere with full, productive use of your computers.
Procedural security is a set of management and supervisory controls. It includes rules for the use of computers and data, and ways to detect unauthorized use.
- Data input
- Data processing
- Program development
- Output
- Communication
- Storage
Because procedural security covers the entire range of computer operations, it becomes an integral part of your business. You will consider it when hiring employees. Many operating controls will be based on security considerations. Auditing and supervisory techniques will be designed with security in mind. You can establish a secure computer system and back it up with adequate checks and balances as an everyday management activity.
Most procedural security measures are based on two established principles:
- Make each employee personally accountable.
- Make sure that it takes more than one person to commit a fraudulent act.
If a sensitive transaction is being made, you should be able to identify the person responsible and hold that employee personally responsible for the results.
A good procedural security program should include:
- A written policy that spells out employees' responsibilities, provides a means to detect violations, and has enough management control to make sure it is properly implemented.
- Management controls to make sure the policies are observed and that they keep up with the development of your computer systems.
- Control over processes of computer use, and access to programs and data.
- Regular tests of your security system, to make sure it is adequate and employees are observing the proper procedures.
- A standard procedure to deal with anyone caught misusing the system. This can range from minor disciplinary action to criminal charges if necessary. Be ready to take this action even if it might mean bad publicity for the company.
- Constant communication: management officials and members of the technical staff should stay in touch to discuss security needs and problems.