.
Threats to information security
Original Author: Sahar
-
Summary rating: 3 stars
(3 Ratings)
-
Visits : 740
-
words:900
-
Comments
:
0
THE heightened vulnerability of automated data has created special concerns for its builders and users. These concerns
include disaster, security and administrative errors.
Disaster
Computer hardware, programs, data files and other equipment can be destroyed by fires, power failures or ochre disasters. It may take many years and millions of rupees to reconstruct destroyed data files and computer programs and some may not even be replaced.
If an organisation needs them to function on a day-to-day basis, it will no longer be able to operate. This is why companies employ elaborate emergency back-up facilities and use duplicate mainframes, network pathways, terminals and power supplies. They may also use a duplicate data centre to handle their transactions and to serve as an emergency back-up for its primary data centre.
Rather than build their back-up facilities, many firms contract with disaster recovery firms. These disaster recovery firms provide hot sires housing spare computers at locations around the country where subscribing firms can run their critical applications in an emergency.
Disaster recovery services offer back-up for client/server systems as well as traditional mainframe applications.
Security
Security refers to the policies, procedures and technical measures used to prevent unauthorised access, alteration, theft or physical damage to information systems.
Security can be promoted with an array of techniques and tools to safeguard computer hardware, software, communications networks and data.
Errors
Computers can also serve as instruments of error, severely disrupting or destroying an organisation’s record keeping and operations.
Errors in automated systems can occur at many points in the processing cycle: through data entry, program error, computer operations and hardware.
System quality issues
In addition to disasters, viruses, and security breaches, defective software and data also pose a constant threat to information systems, causing untold losses in productivity.
An undiscovered error in a company’s credit software or erroneous financial data can result in losses of billions of rupees.
Bugs and program code defects
A major problem with software is the presence of hidden bugs or program code defects. Studies have shown that it is virtually impossible to eliminate all bugs from large programs. The main source of bugs is the complexity of the decision-making code. Even a relatively small program of several hundred lines will contain tens of decisions leading to hundreds or even thousands of different paths.
Important programs within most corporations are usually much larger, containing tens of thousands or even millions of lines of code, each with many times the choices and paths of the smaller programs. Such complexity is difficult to document and design — system designers document some reactions wrongly or fail to consider some possibilities.
Studies show that about 60 per cent of errors discovered during testing are a result of specifications in the design documentation that were missing, ambiguous, in error or in conflict.
Zero defects, a goal of the coral quality management movement, cannot be achieved in larger programs. Complete testing simply is not possible. Fully testing programs that contain thousands of choices and millions of paths would require thousands of years. Even with rigorous testing, one could not know for sure that a piece of software was dependable until the product proved itself after much operational use.
The maintenance issue
Another reason that systems are unreliable is that computer software traditionally has been a nightmare to maintain. Maintenance, the process of modifying a system in production use, is the most expensive phase of the systems development process. Why? One major reason is organisational change. The firm may experience large internal changes in structure or leadership or change may come from its surroundingenvironment.
These organisational changes affect information requirements. Another reason appears to be software complexity, as measured by the number and size of interrelated software programs and subprograms and the complexity of the flow of program logic between them.
A third common cause of long-term maintenance problems is faulty systems analysis and design, especially analysis of information requirements.
If errors are detected early, during analysis and design, the cost to the systems development effort is small. But if they are not discovered until after programming, testing, or conversion has been completed, the costs can soar astronomically.
Poor data quality
The most common source of information system failure is poor data quality. Data that are inaccurate, untimely, or inconsistent with other sources of information can create serious operational and financial problems for businesses.
Companies cannot pursue aggressive marketing and customer relationship management strategies unless they have high-quality data about their customers.
Published: March 04, 2007
More summaries by Sahar Majid
More