COMPUTER SECURITY/THREATS

Computer Security/Threats

Computer Security/Threats

Security/Threats

Beyond securing the money and producing financial statements, the accountant has an important responsibility in assuring the security of the computer system. Poor security makes a company vulnerable to a wide assortment of injuries impacting on the bottom line. (Brunner, Shockwave , 2005, 11-14)

Security/Threats - Issues

Threats and Attacks on Computer Technology

Every day there are reports in accounting and financial publications about computer related data errors, incorrect financial information, violation of internal controls, thefts, burglaries, fires and sabotage. Although considerable efforts have been made by practicing accountants to reduce vulnerability to such events, an increased effort is required. Weak computer security and lack of internal controls tremendously increases an organization's vulnerability to:

Commission of fraud;

Theft of electronic information;

Theft of physical information, such as printed outputs or computer disks/tapes;

Invasion of privacy;

Damage to computers and peripherals;

Interception of communications;

Illegal recording of electromagnetic emanations from computers and peripherals;

Unintentional data errors due to carelessness or negligence;

Loss of information integrity through unauthorized alterations and modifications to data;

Sabotage by disgruntled employees or competitors; and a simple

Power failure. (Brunner, Shockwave , 2005, 11-14)

Computer insurance policies may be taken out covering such areas as theft, fraud, intentional destruction and forgery. Business interruption insurance covers lost profits during downtime. Insurance should also cover computer equipment in transit.

A risk analysis should be performed in planning computer security expenditures. Computer security risks fall into one of three major categories: destruction, modification and disclosure. Each may be further classified into intentional and unintentional acts.

Computer technology is under constant attack. The threat comes from computer criminals and disgruntled employees who intend to defraud, sabotage and "hack" and computer users who are careless or negligent. Finally, the threat may come from the environment. An organization must plan to protect itself from natural disasters such as fire, flood and earthquakes. An effective security plan must consider all three types of threats: intentional attacks, unintentional attacks and environmental attacks. What is the company's degree of risk exposure? (Brunner, Shockwave , 2005, 11-14)

Security measures should become a part of the daily routine of the employees and the employees must considered these measures to be meaningful. Security procedures must represent a minimum of inconvenience. For example, admittance through secure doors should not be a major hindrance or time consuming; otherwise, individuals will find a way to bypass the security system. But at the same time,while security measures must represent minimum intrusion, they must be effective at hindering unauthorized access.

Financial Loss and the Cost-Benefit Criterion

The danger of financial loss to a company can be greatly reduced through increased computer security. In the long run, not investing in appropriate security measures can prove to be far more expensive for a company than investing in the appropriate security measures. It would even be appropriate for a company to consider the cost of investing in computer security as a form of insurance. The accountant must insist on security and controls within their own business and in their ...