Recall, in Chapter 11, the first case was about Hammaker Manufacturing (HM), a company that decided to work with a consultant to computerize much of their operations. HM has grown substantially and must upgrade its information systems. The company is developing a new, integrated, computer-based information system. In conjunction with the design of the new system, the management is reviewing the data processing security to determine what new control features should be incorporated. Two areas of concern are
(1) Confidentiality of company and customer records and
(2) Protection of data, computer equipment, and facilities.
The new information system will process all company records, including sales, purchases, budgeting, customer, creditor, and personnel information. The stores and warehouses will be linked to the main computer at corporate headquarters by a system of remote terminals. This will permit data to be communicated directly to corporate headquarters or to any other location from each location within the terminal network. Employees will also be able to access the system with laptops and handheld devices via a secured wireless network.
At the current time, certain reports have restricted distribution because not all levels of management need to receive them or because they contain confidential information. The introduction of remote terminals in the new system may provide access to these restricted data by unauthorized personnel. Management is concerned that confidential information may become accessible and be used improperly.
The company’s management is also concerned with potential physical threats to the system, such as sabotage, fire damage, water damage, or power failure. With the new system, a computer shutdown would severely limit company activities until the system is operational again.
1. Identify and briefly explain the problems HM could experience with respect to the confidentiality of information and records in the new system.
2. Recommend measures HM could incorporate into the new system that would ensure the confidentiality of information and records in this new system.
3. What safeguards can HM develop to provide physical security for its
(a) Computer equipment,
(c) Data processing center facilities?