2016年ACCAP3知識點：INFORMATION TECHNOLOGY（六）

ACCA P3考試：INFORMATION TECHNOLOGY

Online, real time systems can pose particular risks because any number of employees could be authorised to process certain transactions. Anonymity raises the prospect of both carelessness and fraud so it is important to be able to trace all transactions to their originator. This can be done by requiring users to log-on and then tagging each transaction with the identity of the person responsible. Logging on should require passwords and it is important that members of staff keep these confidential. Many business systems enforce a rule that requires passwords to be changed every few months. This is fine in theory, but to remember their changing passwords many users start to write them down – a potential breach in security. Increasingly, biometric measurement, such as fingerprint or retina recognition, can be used to control access.

Log-in security, whether through passwords or biometrics, also helps to control both processing and access to data. Each user is provided with tailored rights that allow them to see only certain data, change only certain data and to carry out only specified processing.

CONCLUSION

This article has mentioned encryption, firewalls authentication and access controls. It is important to realise that even with these measures in place that organisations can be damaged by lapses in computer security. For example:

• November to early December 2013, Target Corporation (turnover around $70bn) announced that data from around 70 million credit and debit cards was stolen.

• April 2011, Sony experienced a data breach within their Playstation Network that the information of 77 million users was compromised.

• May 2014, Ebay announced that three months earlier that information (including passwords, email addresses, birth dates, mailing addresses and other personal information) relating to 145 million users had been stolen. Ebay states that the information was encrypted and there is no evidence that is has been decrypted (yet).

Cyber-espionage is also a growing threat. Governments, competitors and criminals attempt to steal intellectual property or information about customers and contracts. Quite obviously the theft of valuable know-how will undermine a company’s competitive advantage and it is essential that for organisations to defend themselves as far as possible against these threats.

Ken Garrett is a freelance lecturer and writer