Security and Control Procedures to Safeguard Assets

Operational Controls

Organizations will have a series of security and control procedures in place to protect assets, promote operational efficiency, ensure reliable record keeping and importantly adhere to service level agreements. Critical areas such as computer and communications systems will have measures and controls in place specifically tailored to deliver efficient use both in operation and in record keeping.

The interdependence of operational controls demands a system of cross checking to ensure standards are maintained as one set of controls achieving set objectives may mask weakness in another set of controls upon which they depend. Automated complex systems such as computer and communications require particular diligence due to the high level of functionality and the number of interdependent procedures.

Computer and Communications Security

Security is an increasing area of concern with computer and communications due to the increasing size and complexity of systems and structure. Larger networks using a proliferation of applications provide opportunities for hackers, data thieves and saboteurs to cause serious damage. Weaknesses of programming and protection devices such as firewalls are exploited by those with malicious intent.

The consequences for business can be catastrophic both in terms of data loss or infiltration, failure of systems and the subsequent costs, monetary and business image. Public confidence in a business' services can be badly compromised by news of a breach in security systems and controls.

Computer Controls

System controls include organizational and procedural controls, systems maintenance controls, documentation and reporting controls, password and access controls. Application controls can be categorized as input, processing and output controls.