One of the best ways to prevent security-related problems is to institute controls in our information system through methods, policies, and procedures.


Information Systems Controls

These are just a few examples to get you to think about the fact that the company designs the security into the building from the beginning. It doesn't wait until everything is built. You should do the same thing with an information system. It's no different from any other system that requires planning and well-thought-out policies and procedures before construction begins.


The two types of information system controls are:


  • General controls: Software, physical hardware, computer operations, data security, implementation process, and administrative. Table given below describes each of
  • Application controls: Input, processing, and

Risk Assessment

Companies and government systems constantly use risk assessment to determine weak links in their physical building security. You can use the same methodology to assess the risk in your information system. Use risk assessment to set up cost comparisons for developing and maintaining security against the loss potential. It's done all the time in other systems, so use it for your information system as well.
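The cost comparison described above, worked through as an added example that is not part of the original text: each exposure's loss potential is its yearly probability times the average loss per occurrence, and a safeguard is funded only while its yearly cost stays below the loss it is expected to prevent. The exposure names and all dollar figures are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Exposure:
    """One risk to the information system, with the figures a risk assessment needs."""
    name: str
    probability: float    # chance the loss event occurs in a year (0.0 to 1.0)
    loss_low: float       # smallest plausible loss per occurrence, in dollars
    loss_high: float      # largest plausible loss per occurrence, in dollars
    control_cost: float   # yearly cost to develop and maintain the safeguard

    def average_loss(self) -> float:
        # midpoint of the loss range gives the average loss per occurrence
        return (self.loss_low + self.loss_high) / 2

    def expected_annual_loss(self) -> float:
        # loss potential: probability of the event times its average loss
        return round(self.probability * self.average_loss(), 2)

    def control_justified(self) -> bool:
        # the safeguard pays for itself only if it costs less than the loss it prevents
        return self.control_cost < self.expected_annual_loss()


def rank_exposures(exposures: list[Exposure]) -> list[Exposure]:
    """Order exposures by loss potential, highest first, so the weakest links come up first."""
    return sorted(exposures, key=lambda e: e.expected_annual_loss(), reverse=True)


def justified_controls(exposures: list[Exposure]) -> list[str]:
    """Names of the exposures whose safeguard is worth funding, in priority order."""
    return [e.name for e in rank_exposures(exposures) if e.control_justified()]


# Constructed sample assessment (hypothetical figures, not from the original text)
SAMPLE_ASSESSMENT = [
    Exposure("power failure", 0.30, 5_000, 200_000, control_cost=20_000),
    Exposure("embezzlement", 0.05, 1_000, 50_000, control_cost=3_000),
    Exposure("user error", 0.98, 200, 40_000, control_cost=15_000),
]

if __name__ == "__main__":
    for e in rank_exposures(SAMPLE_ASSESSMENT):
        verdict = "fund" if e.control_justified() else "accept risk"
        print(f"{e.name:14} expected loss ${e.expected_annual_loss():>10,.2f}  control ${e.control_cost:>9,.2f}  -> {verdict}")
```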


Security Policy

Because of the increasing liability for security breaches, many companies are now establishing a chief security officer position to help ensure the firm maximizes the protection of information resources. Some tools available to the CSO are:


  • Security policy: Principal document that determines security goals and how they will be
  • Acceptable use policy: Outlines acceptable and unacceptable uses of hardware and telecommunications
  • Identity management system: Manages access to each part of the information


Identity management is one of the most important principles of a strong, viable security policy. It includes:

  • Business processes and software tools for identifying valid system
  • Controlling access to system
  • Policies for identifying and authorizing different categories of system
  • Specifying what systems or portions of systems each user is allowed to
  • Processes and technologies for authenticating users and protecting their identities