Information System Security

Information System Security

2006 Information System Security

1 . Introduction

1 .1 Security and Accounting Scandals

Technically , digital technology is the result of manipulation of analog data in to provide enhanced services and thus quality of information transfer . The emerging technology no wonder has created many opportunity for consumers all around the world since they can share information by performing several clicks by using their mice , store data in small storage like flash disk and CDs and many others

However , besides the benefits of improved information technology for commerce and

other business situations , there are also people aim at destroying the current situation by creating malicious ware (malware and spyware

According to one report from Forrester Research , such growth is in line with the fact that there are at least 65 of businesses at all sizes confirm to spend their money in protecting their systems from malicious software programs in 2005

In addition , the recent cases on accounting scandals highlight the importance of using IT to prevent any possible fraud in accounting practice and in business , in general . Concerning the situation , the U .S Government set up 2002 Sarbanes-Oxley Act (SOA ) and 2003 SEC final rule that aim at changing the way auditing profession does its business There are three changes in the accounting practice as following

There is a basic change in regulating accounting industry from previously primarily self-regulated environment to public regulation approach

New independence rules and regulations significantly rule out the audit engagement

New independent public oversight board (PCAOB ) has rights to monitor audit process , auditing standards , and disciplinary measure on auditors .Information Technology and Its Role on Accounting Practices

As a supporting tool , information systems support prompt reporting automated controls , highlighting of exceptions and transparency of financial management processes . For this reason , the board should aware of how business executives use information (Erickson , 2003

While good IT systems do not guarantee that there is violation , at least IT can provide safeguards and help build a culture of attention to information , including its timeliness , accuracy and communication

Referring to Enron case , since the manipulation involves several documents , stored in digital format , it is obvious that investigators will employ digital-savvy to retrieve such hidden data to obtain any supporting evidence

Andrew Rosen , president of ASR Data Acquisition Analysis that is one of three data-recovery companies working on the case , says that to my knowledge , Enron will be the largest computer forensics investigation ever since investigators will pore through 10 ,000 computer backup tapes 20 million sheets of and more than 400 computers and handheld devices . The electronic data is up to 10 times the size of the Library of Congress (Iwata , 2002

Concerning the security issue of e-commerce , this will discuss about information system security specifically about the challenges faced by companies /organizations to build /maintain secure information systems as required by recent legislation (HIPPA , Sarbanes-Oxley Gramm-Leach-Bliley , HSPD-12 . In addition , we will also discuss about the criminal /financial implications if companies fail to meet the requirements...