
Legal aspects

An organisation must take active measures to ensure the security of its information systems. Such systems are more vulnerable than paper-based systems because:

  • The large amount of data processed makes manual backup impracticable and may result in errors being overlooked.
  • Data can be changed without any obvious trace being left of the change.
  • A large number of people may have access to the system and it may be possible for unauthorised users to access the system remotely.
  • The system is developed and maintained by experts. The people using the system are reliant on the user interface. What is actually happening may be understood by only a few of the technical staff.
  • The consequences of system failure are usually far more serious than the loss of data in a manual system.
  • Data is likely to pass through a larger number of processing stages than would be the case in a manual system. Controls are needed at each stage to prevent error or abuse.

An organisation that is dependent on its information system needs to take active steps to ensure the integrity of the system by implementing an Information Technology Security Policy. Such a policy is a mechanism for establishing agreed standards for controlling the operation of the information system in a secure way. The policy will outline the procedures to be followed and detail the responsibilities and accountabilities of individuals. In addition, the policy will make clear the disciplinary procedures and penalties for non-compliance with the policy. The policy then becomes a management tool for ensuring the secure operation of the MIS.

Management will need to ensure that employees are aware of the IT Security Policy and that they comply with its requirements. Awareness can be raised by staff training and by ensuring the proper supervision of staff.

   

© LEV