Chapter 8 The Role of Information PDF

THE BUSINESS ENVIRONMENT SYNOPTIC The role of information Introduction This chapter identifies the role that information plays in the work of the finance function, before moving on to look at the importance of data and information security. This chapter considers some of the major risks to the security of manual and computerised systems and data, including cybersecurity, and distusses the controls available to reduce or eliminate these risks. ASSESSMENT CRITERIA CONTENTS 7.1 The role of information in 1 Information in the work of the work of the finance the finance function function 2 The importance of data and 7.2 The importance of data and information security information security KAPLAN PUBLISHING 143 The role of information: Chapter 8 Information in the work of the finance function 1.1 Useful information Information needs to be useful if it is to enable the finance function and other parts of the organisation to operate efficiently. If information is not useful, the time and cost incurred in preparing to the information will have been incurred for no benefit, and may even be detrimental if control and decision-making is based upon that information. The characteristics of useful information are: comparable — this enables the users of information to make meaningful comparisons with equivalent information relating to a previous accounting period, a budget or forecast or a competitor. consistent — this relates to consistency in both the basis of calculation or estimation and in the presentation of the information. understandable — this relates to the method of presentation and classification of information, along with the language used. If information is not understood by the user then it will have no benefit, or worse, be misunderstood and be detrimental to decision-making and control. relevant and reliable — information is relevant if it is likely to affect the decision-making of the information user and is reliable if it has been calculated or estimated in an appropriate manner. timely — information is timely if it is available when required for the purposes of control and decision-making in the organisation. To illustrate the characteristics noted, consider the annual plant and equipment depreciation charge for an organisation. Normally, a consistent accounting policy for calculating the annual depreciation charge is adopted e.g. 20% per annum using the straight-line basis. Calculating depreciation consistently will also make it easier to compare the depreciation expense year-on-year. Checking the calculations and application of any assumptions made would help to confirm their accuracy and reliability. 144 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Understandability could be improved by providing written explanations of the method and rate of depreciation used. Depending upon who the user of that information is, the amount of detail, and the wording used should reflect the needs of that specific user. For example, if supplying information to a colleague in the finance function, technical language and little explanation may be required as they will understand the subject matter. However, if supplying the information to a non-financial person (such as a production manager), it may require additional explanation, avoiding technical language or jargon as far as possible. Finally, information must be available when it is needed to help managers with control and decision-making — it must be timely. Of course, estimates such as the useful life of plant and equipment may need to be revised over time in order to ensure that the information remains relevant and reliable. Such a change might impact on the users' understanding and the comparability of the information over different time periods. We will need to address this issue by ensuring appropriate communication of the change and its implications for the depreciation charge recognised. 1.2 The use of digital technologies The use of digital technologies to collect, process and disseminate data and information is increasingly common in most organisations, irrespective of their size. Even the smallest organisation may use laptops, tablets and hand-held devices to capture, process and classify financial data into useful information, but the nature, extent and sophistication of digital technologies used will depend on numerous factors including the nature of the business's activity, the data available and the size and resources of the organisation. The advantages of digital capture, processing, storage and dissemination of data include: reduced operational costs human error is reduced, improving the quality of data rapid and easy capture of data improved security of data improved ease of access to those requiring the data, including multiple or remote users improved ability to track and analyse data resulting in improved management and control environmental and commercial benefits from using less paper, saving on purchase and storage costs whilst also reducing the adverse impact on the environment resulting from paper manufacturing, storage and disposal. KAPLAN PUBLISHING 145 The role of information: Chapter 8 The disadvantages of digital data capture include: the capital cost of acquiring or developing the software, apps or acquiring the licences required. As the use of these technologies becomes more common these costs are falling particular where organisations use `off-the-shelf technologies. staff training costs and competencies required to use and understand the processes involved reliance upon systems that may crash or be unavailable for any reason, particularly if staff do not have the underpinning knowledge and understanding of systems and processes to recreate information manually security of data may be compromised by e.g. hackers or corrupted software loss or inadequacy of tracking and analytical capability to meet user needs. Many organisations use hand-held devices to record the initial receipt of inventory from a supplier, and its movement during the manufacturing stage through to the despatch to the customer. Frequently, customers are asked to sign for receipt of goods on a hand-held electronic device. Retailers, in particular, make use of such technology as members of staff can advise customers of the availability of specific items, or whether it can be sourced from another location. Digital technology is used by a range of organisations in a number of ways. M&S have trialled an in-queue checkout with a member of staff using a hand-held device to scan purchases and take card payment to speed up the process of customers paying for purchases. Ikea has in-store touchscreens for customers to access product details, availability and ordering. Nike's `Speed Shop' which enables online ordering and reserving, accessing the product via an in-store locker using the customer's smartphone to access the product selected and then try on and, if purchased, take payment without interaction with anyone else. Ocado's business model fundamentally depends upon customers being able to order goods online, make payment, have delivery to a nominated address and book a delivery slot. Amazon Fresh in high street locations enables users of the Amazon app to select goods off-the-shelf and payment is automatically deducted via the app without the need to queue or pay for the goods at a till. 146 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Audi has a `build your car' facility within its website that customers can use to review and choose the model and customisation of a car purchase. Many service providers, such as dentists, opticians and general practitioners have online booking and treatment recording services. Accountants use `data analytic' software, allowing them to import data from a client's finance system and analyse it to identify unusual (and hence risky) transactions or balances and investigate those that are most significant to the client's financial statements. 1.3 Cloud accounting Definition Cloud accounting is an accounting system that is accessed through the internet. This contrasts with desktop-based systems which require regular software updates and back-up procedures. Advantages of cloud accounting include: the ability to access data anywhere and at any time from multiple locations access to real-time information, rather than having to wait for processing and output always uses the latest version of software the functionality to use analytical tools, either within the cloud accounting software itself, or provided via third party apps and tools the ability to grant secure access to data and information to trusted third parties e.g. the organisation's auditor or financial advisor connection to bank accounts to enable payments to be made e.g. periodic VAT payments, or to enable customers to pay for goods and services. Disadvantages of cloud accounting include: reliance upon the speed and reliability of internet connections lack of customisation software so that only `standard' packages are available which may not precisely meet the needs of the organisation lack of data security, particularly if it contains information that is regarded as confidential or sensitive, such as the personal details of customers and bank account information lock-in' to one system which may prevent or deter transfer to another provider of cloud accounting services. KAPLAN PUBLISHING 147 The role of information: Chapter 8 To overcome some of the limitations above, some cloud accounting systems have developed to such an extent that they meet the niche or particular needs of different types of business, such as freelance workers, retailers and service providers. They are often integrated so that, for example, customer receipts are matched against invoices, and the receivables' ledger and ledger control account are also updated, reducing transaction recording time whilst also performing the control account reconciliation. 1.4 Information and documentation received by the finance function The finance function receives a broad range of information and documentation from different parts of the business. It may be expressed in both financial and non-financial terms. The finance function must be able to understand, record, summarise and classify that information and documentation in a number of ways. Budgetary information may be received from other parts of the business, such as inventory control, production, sales and despatch. It may be that the finance function has requested information from the various departments, perhaps on standardised documentation to initiate and progress the budget preparation and approval process. For example, inventory control may quantify the amount of available storage capacity it has (or it needs) to cope with changes in production. The finance function may need to recognise costs for any additional storage capacity required. The production department may quantify the requirements for materials and components and the finance function will then need to convert this information into a financial or budgetary requirement. Usually, it is the finance function that coordinates and aggregates the various departmental budgets into a single document expressed in financial terms, ensuring that it is coherent and consistent. Inventory control includes the receipt of materials, components and goods from suppliers, their storage and location and their subsequent issue to other departments e.g. production or despatch. The finance function will receive notification from inventory control that goods were received, specifying the date of receipt, the quantity and description of goods received (perhaps sending the goods received note). The finance function can then use this information to record the receipt of goods as an expense and as a liability and match it with purchase orders and invoices. 148 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Costing information may comprise the quantity of products produced within a specified period of time. This will often be quite detailed when a business produces a range of products to different specifications or requirements. The finance function may use this information to produce the costings required, such as the total cost, perhaps split between fixed and variable components. This information could then be used to assist with pricing decisions. Information from suppliers normally includes: goods received notes as evidence of the receipt of goods which is the point at which we should recognise that an expense has been incurred, with a liability outstanding until it is settled invoices for goods and services received which will be used to update the accounting records credit notes from a supplier when goods have not been received or were returned, perhaps because they were damaged, which will be used to reduce the expense and associated liability statements of account to summarise invoices and amounts outstanding, which can be used to check against the relevant payables' ledger account to confirm that it is fairly stated, or to raise queries with the supplier. Information from customers normally includes: orders for goods, which will be forwarded to the relevant department e.g. sales or inventory control, perhaps with prices added by the finance function signed despatch notes from customers to acknowledge that they have received goods, which can be used as a basis for raising a sales invoice requests for a credit note if goods were not received, or were returned, perhaps because they were unsuitable or damaged remittance advices to confirm which invoices have been paid by the customer, along with notification of the manner of payment e.g. accompanying cheque or by direct credit into the bank account. KAPLAN PUBLISHING 149 The role of information: Chapter 8 1.5 Information and documentation produced by the finance function The finance function produces a broad range of information and documentation for different parts of the business. The information is likely to be stated in both financial and non-financial terms. The finance function must be able to produce, record, summarise and classify that information and ensure that it is in a usable and understandable form for the intended users. Budgetary information will normally be produced by the finance function. Often, the budgeting planning process will consist of the finance function requesting information from other parts of the business, such as inventory control, production, sales and despatch departments. Based upon this information, the finance function will then commence the budget preparation process. This is likely to involve regular communication with the other parts of the business to seek additional information or clarification of information previously submitted to ensure that any inconsistencies or problems are resolved. Following preparation and approval of the budgets or forecasts, the finance function will often prepare regular reports to enable departments and the business as a whole to monitor performance and to assist decision-making and control by managers. The information produced could be, for example, monthly management accounts with variances between budget and actual performance highlighted so that attention can be focussed on the key issues. Inventory control covers receipt of materials, components and goods from suppliers, their storage and location and their subsequent issue to other departments e.g. production. The finance function will record the receipt of goods as an expense and liability and match it with delivery notes and purchase invoices. Note that the flow of information may involve several business departments or functions, depending upon the size and complexity of the organisation. Costing information may involve the calculation of standard costs to assist business decision-making. Costing information produced may also include the calculation of total cost per unit, perhaps split between fixed and variable costs to further assist business decision-making. Information produced for suppliers normally includes: remittance advices to confirm the invoices and amounts paid, plus reference to the method of payment e.g. cheque or direct payment to the supplier's bank account requests for a credit note if goods were not received or were returned for any reason. 150 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Information produced for customers normally includes: despatch notes for the customer to sign upon receipt of goods sales invoices credit notes when goods have not been delivered, were damaged in transit, or the wrong goods were supplied statements of account to confirm invoices and amounts due and/or overdue. Other information produced by the finance function is likely to include: cash and pefty cash books of prime entry, including supporting invoices, vouchers and receipts bank reconciliations and reconciliations of the petty cash balance list of cash and cheque receipts for banking summaries of the available cash balance to ensure that the organisation does not exceed its loan and overdraft facilities accounting transactions and ledger accounts as a basis for preparing periodic management accounting and financial accounting information summaries of wage and salary payments required each week or month, along with the related returns and payments to HMRC preparing information and returns required by HMRC to support payments of VAT and other business taxes. 2 The importance of data and information security 2.1 Security, privacy and confidentiality of information 0. Definitions Cybersecurity is the application of processes, systems and controls to protect systems, networks, programs, devices and data from cyberattacks. A cyberattack is an attempt to damage or destroy a computer network or system. KAPLAN PUBLISHING 151 The role of information: Chapter 8 What are the risks associated with data and information security? 1 Physical intrusion leading to theft or damage of assets. Theft includes loss and illegal copying. 2 Physical damage to hardware or computer media. This includes malicious damage, poor operating conditions, natural disasters and simple wear and tear, any of which can physically damage hardware and storage media such as disks, tapes and diskettes. This represents a triple threat — the cost of repair or replacement of hardware, the danger of damaged data or program files and the cost of computer down time. The loss of accounting records could be sufficient to cause the company to fail. Most non-technical users of systems would be surprised that there is an inherent risk to any computer system. Systems failure can mean that data is lost, or physical damage can occur in a manner that is virtually impossible to guard against in a cost-effective way. 3 Damage to data — hackers, viruses, program bugs, hardware and media faults can all damage data files. The havoc caused by damaged data is made worse if it is not detected and rectified quickly. Hacking activities can: generate information which is of potential use to a competitor organisation provide the basis for fraudulent activity cause data corruption by the introduction of unauthorised computer programs and processing onto the system, otherwise known as `computer viruses' alter or delete the files result in the infection of systems by ransomware, typically requiring a payment in crypto-currency to unlock the system. A famous example of this was the `Wannacry' cyber attack in 2017. This had worldwide implications including the infection of NHS systems leading to the cancellation of operations and significant disruption. 4 Operational mistakes — due to non-deliberate events such as running the wrong program, or inadvertently deleting data that is still of value to the organisation — this can cause significant problems, ranging from the need to recover files and repeat computer processing runs, to the possibility of losing customers. 152, KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Links to the Internet bring extra security risks. Examples include the following: viruses can spread through the network disaffected employees can cause deliberate damage to data or systems hackers may be able to steal data or damage the system employees may download inaccurate information or imperfect or virus-ridden software from an external network information sent from one part of an organisation to another may be intercepted the communications link itself may break down. Note that in the nuclear energy sector, critical safety and security systems are isolated from the internet because of the severe consequences which would result from the issues described above. 5 Industrial espionage/fraud — can lead to loss of confidentiality with sensitive information being obtained by outsiders or unauthorised employees. Industrial espionage and sabotage can yield significant advantages to competitors, and fraud and blackmail is a significant threat. A significant amount of time, effort, cost and resource is used by many businesses to ensure that data and information is secure. Why is this? To protect data and information which is commercially sensitive and which, if available to competitors, would give them a competitive advantage. To support efficient and effective ways of working and using the data and information available to the business. To maintain the confidentiality of personal data and information, such as the home address, contact details and payroll-related information of individual employees. To maintain the confidentiality of information from customers and suppliers, such as bank account details which, if available to others, could be open to inappropriate use. To ensure the completeness and reliability of data and information by minimising the risk of inappropriate access and amendment. KAPLAN PUBLISHING 153 The role of information: Chapter 8 To ensure compliance with legal and regulatory requirements regarding data handling, storage, use and transfer to others, such as the following UK examples: — General Data Protection Regulation (GDPR) 2016 — Computer Misuse Act 1990 dealing with inappropriate use of computers - Data Protection Act 2018 dealing with how personal data is stored, protected, amended or deleted. In doing so, fines, penalties and adverse publicity are avoided. For data and information regarded as private and confidential, it is important that it is accessed and used only for appropriate purposes by suitably trained and trusted individuals. Individuals working in the finance function (including payroll) often have in-house training to emphasise the importance of confidentiality and appropriate use of data and information. The inappropriate use of confidential data and information may also be covered in contracts of employment. Deliberate or accidental misuse or disclosure of such information may result in the employee being subject to disciplinary action, including dismissal. For example, employees who process payroll information may have access to the personal data of colleagues. They should only access that personal data for legitimate purposes (to assist with the processing of payroll payments and supporting records) and not for any other purposes, such as personal curiosity or to disclose that information to another without appropriate justification. An unjustified breach of privacy and confidentiality may lead to the organisation being exposed to legal action for breach of civil or criminal law. An employee whose information was inappropriately accessed, used or disclosed could sue for breach of confidentiality or for negligence and receive financial compensation for the breach. Reference has already been made to GDPR and the criminal penalties that may be imposed for breach of that regulation. 2.2 Security measures Data security is always important, irrespective of whether the business uses computerised or manual systems and processes. For example, inappropriate access to computer files containing supplier and customer contact and bank details is no different if the same information were accessed in a manual system, such as a supplier details list or bank account payment details. 154 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Data security can be divided into a number of separate functions: Threat avoidance: this might mean changing the design of the system. Prevention: it is practically impossible to prevent all threats in a cost- effective manner, but those threats can be minimised. Deterrence: the system should try to both prevent unauthorised access and deter people from trying to access the system. Computer controls to prevent and detect access include passwords and hardware keys. As an example of a possible deterrent, computer misuse by employees could be treated as grounds for disciplinary action or dismissal. Similarly, in a manual system, a book of supplier contact and bank account details could be kept under the personal control of a senior member of the accounts department, with a requirement that it is stored in a locked drawer, cupboard or safe unless required. Detection: if the system is accessed without authorisation, there should be controls to detect that this has occurred and report it to the appropriate personnel. Detection techniques are often combined with prevention techniques. Computer controls will therefore include control logs of unauthorised attempts to gain access and manual reviews of amendments made to program and data files. Recovery: if data security has been compromised, its consequences should be limited as far as possible. Procedures should be in place to ensure that if the computer system was destroyed or compromised by a virus, then processing could resume quickly. A basic control procedure would be a complete, and regular, backup of all data. Businesses also often have a formal `disaster recovery' plan in place for such eventualities. Correction: any unauthorised changes made to computer systems should be corrected as soon as possible. This means that complete backups of all data are available and that staff are properly trained in the procedures necessary for recovery and re-installation of data in an emergency situation. 2.3 Physical security Physical security includes protection against natural and man-made disaster, e.g. fire, flood, etc. Examples of measures to avoid physical damage to the system include: fire precautions, e.g. smoke and heat detectors, training for staff in observing safety procedures and alarms, fire suppression systems (such as inert gas systems to protect computer hardware) KAPLAN PUBLISHING 155 The role of information: Chapter 8 devices to protect against power surges appropriate positioning of computer hardware away from sources of heat and damp the use of air-conditioning to maintain temperatures at safe levels. Physical security also includes protection against intruders and theft. As computers and other hardware become smaller and more portable, they are at greater risk of theft. This applies equally to manual systems and documents which could easily be stolen, scanned or photographed, perhaps by a mobile phone. Burglar alarms should be installed and a log of all equipment maintained. Employees with authorised access to the equipment and documents who are taking it off-site should book it out. They should also ensure that they have adequate security whilst in transit or at home or a third-party location. It would not be the first (or last) time that loss or damage to equipment or documents has occurred in such circumstances - for example in January 2009 a health worker lost a memory stick containing the medical details of 6,000 prisoners at HMP Preston. The data was encrypted and password protected but the password had been written on a note attached to the stick! Security guards, closed circuit TV monitoring access or other mechanical devices such as door locks and electronic devices, e.g. badge readers and card entry systems, may control access to buildings. Even within a building, authorised access to certain parts of the building may be further restricted by the use of keypads, swipe cards etc. for example to access the payroll or HR departments. 2.4 Data security Guidelines for data security include keeping files and documents in fireproof cabinets, shredding computer printouts and documents after use if they include confidential information, controlling access to data, (e.g. passwords and physical access controls) and taking back-ups of data to minimise the risks of destruction or alteration. To offset the risk of fraudulent attacks there must be: adequate control over input/processing/programs strict division or segregation of duties to ensure that one individual is not solely responsible for recording the full cycle of a transaction regular internal audit review of systems and controls to ensure that controls operate effectively. 156 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Good data security procedures help to maintain the confidentiality of information from customers and suppliers, such as bank account details which, if available to others, could be open to abuse. To avoid breach of confidentiality, there should be controls over input and output. With online systems there should be individual passwords issued only to authorised personnel, restricted access to files at the terminals and a computer log of attempted violations. All disks containing important information must be backed up on a regular basis. Information on a computer is vulnerable: hard disks and computer systems can fail, viruses can wipe a disk, careless operators can delete files and very careless operators can delete whole areas of a hard disk by mistake. Computers can also be damaged or stolen. For these reasons backing up of data is essential. This involves making copies of essential files, together with necessary update transactions, and keeping them on another computer, or on some form of storage media so that copies can be recreated (In modern cloud-based systems this happens automatically in real-time). Master file copies should be taken at regular intervals and kept at locations away from the main computer installation. Contingency plans for a disaster should include standby facilities, with a similar computer user or a bureau facility to allow processing to continue. 2.5 Rules for using passwords If passwords are used for authentication in a computer system, the following rules should be observed: It must not be possible to guess the password easily, such as the use of names, motor vehicle licence numbers, birth dates or similar. The password should consist of at least one non-letter character (special character or number) and have at least six characters. The selection of trivial passwords (BBBBBB, 123456, Password) must be prevented. Preset passwords (e.g. set by the manufacturer at the time of delivery) must be changed to individually selected, unique passwords as soon as possible. The password must be kept secret and should be known only to the authorised user. It must not be written down. The password must be changed regularly, e.g. every 90 days. This will ensure that if an unauthorised person has obtained it, he or she will have limited use. KAPLAN PUBLISHING 157. The role of information: Chapter 8 The password should be altered if it has, or may have, come to the knowledge of unauthorised persons. After any alteration of the password, previous passwords should no longer be used and re-use of previous passwords should be prevented by the IT system. Test your understanding 1 You have been asked for suggestions for a checklist of control procedures to remind authorised users about password security in the IT department. What suggestions would you make? 2.6 Controls to help prevent hacking Definition Hacking is an attempt to exploit a computer network or private network. It represents unauthorised access to a system for an illicit purpose. It may be done with the intention of committing fraud or another illegal activity, or perhaps only for the `challenge' of being able to do it; in either situation, the consequences can be just as damaging. Once hackers have gained access to the system, there are several damaging options available to them. For example, they may: gain access to the file that holds all of the system ID codes, passwords and authorisations discover the method used for generating/authorising passwords discover maintenance codes, which would render the system easily accessible. By specifically identifying the risks that the hacker represents, controls can be designed that will help to prevent such activity occurring. Examples include: Physical security — check that terminals and PCs are kept under lock and key and ensure that, where dial-in communication links are in place, a call-back facility is used. (In call-back, the person dialling in must request that the system calls them back to make the connection). 158 KAPLAN PUBLISHING THE BUSINESS ENVIRONMENT SYNOPTIC Authorisation — Management often requires that the contents of certain files (e.g. payroll) remain confidential and are only available to authorised staff. This may be achieved by keeping removable disks containing the files in a locked cabinet and issuing them only for authorised use. Passwords — the controls over passwords must be stringently enforced and password misuse should represent a serious disciplinary offence within an organisation. Associated with the password is a list of files, and data within files, which the user is allowed to inspect. Attempts to access unauthorised files or data will be prohibited by the operating system and reported. For example, an order clerk would be allowed access to a stock file, but not employee files. Similarly, the clerk would be allowed access to customer files for the purpose of recording an order, but would not necessarily be able to inspect details of the account. For systems that use passwords and logging on techniques, the workstation should not be left in the middle of editing. A screensaver with password control can be used for short absences, which avoids closing down the machine. Data encryption — files can be encrypted to render them unintelligible unless a decoding password is supplied. Data may be coded so that it is not understandable to any casual observer who does not have access to suitable decryption software. Encryption provides a double benefit. It protects against people gaining access to the system, and it protects against the tapping (monitoring network traffic) of data whilst being transmitted from one machine to another. System logs — every activity on a system should be logged and subject to some form of exception reporting, e.g. unusual dates or times of access could be reported. Random checks — the `constable on the beat' approach checks who is doing what at random intervals on the system and ensures that they are authorised to perform those activities. Shielding of (Video Display Units) VDUs — to protect against people with detection equipment being able to view remotely what is being displayed on VDUs, the units may be shielded to prevent the transmission of radiation that can be detected. KAPLAN PUBLISHING 159, The role of information: Chapter 8 2.7 Preventative steps against computer viruses It is extremely difficult to guard against the introduction of computer viruses. Even seemingly harmless screen savers have been known to contain deadly viruses that destroy computer systems. You should not download from the Internet or open emails that have attachments, unless you know the source of the email and you trust that source. If you are in doubt you should ask your line manager or IT department for permission to open documents or attachments. Steps may be taken to control the introduction and spread of viruses, but these will usually only be effective in controlling the spread of viruses by well-meaning individuals. The actions of hackers or malicious employees are less easy to control. Preventative steps may include: Anti-virus software to prevent corruption of the system by viruses. However, the focus of the program is to detect and cure known viruses, and therefore it will not always restore data or software that has been corrupted by the virus. As new viruses are being detected almost daily, it is virtually impossible for the virus detection software to be effective against all viruses — anti-virus software must therefore be kept up-to-date Control over the use of external software (e.g. checked for viruses before use) and approved by the IT department Use of only tested, marked disks/memory sticks within the organisation Restricted access to CDs & flash drives on all PCs/workstations Passwords and user numbers can be used to limit the opportunities for unauthorised people to access the system via the public communications network. 160 KAPLAN PUBLISHING

Chapter 8 The Role of Information PDF

Document Details

Tags

Related

Summary

Full Transcript