Audit and Control Security Technology - Case Study Example

Audit and control security technology Audit and control security technology Introduction Data or information security refers toprotecting information or data from the destructive forces as well as other unwelcome actions by unauthorized users. Information security has become a major area concern for both at government level and the business level since it poses threats to critical infrastructure of these two parties. As for organizations, banks in this case, stoppage of compromise to their data assets is given a priority. They have to emphasize their focus on forming a firm information security policy and consequently implement control measures which will prevent either access or/and manipulation of their data and systems. In the world today, banks have migrated fully to the digital realm (Gallegos et al., 2004). They are carrying out most all their business lives online. This has increased the data security threats exponentially. However, with an effective security technology the banks are capable of withstanding the threats thus keeping its systems and data safe and secure. The document below analyzes audit and control security technology use in banks as well as the aspects attributed to the technology. Security and privacy controls of information systems is one of the primary strategies organizations and individuals implement to protect their operations, assets, etc. from various threats such as natural catastrophes, human errors, cyber-attacks and structural failures (FIPS, 2006) Discussion It is worth noting that most of the user-friendly technologies like cloud storage and mobile web are mostly hacker friendly. Banks solutions are of great importance in the world today. In case of threats such as cyber-attacks, structural failures, and human errors the bank solutions can be adversely affected to a great extent. The threats vulnerability usually creates room for identity theft, reputational damage, propriety information loss and regulatory involvement. This calls for banks to deploy an ever more vigorous defense in its solutions. Irrespective of the attention put on data security, the breaches’ risk is likely to worsen. This is because banks in the world today maintain great amounts of personal data on employees and customers. The other reason is the existence of technology proliferation. The data thieves have become improved their inventiveness (Umar, 2004). The businesses, however, have not concentrated on keeping up on corporate policies, tools, training, procedures as well as compliance efforts. The audit and control technology, however, has been initiated by experts with the latest technology to provide the banks with comprehensive as well as pragmatic solutions as far as information security is concerned. The technology has a number of capabilities. One of the capabilities is that the technology utilizes modern procedures and techniques in determining risk tolerance as well as its relationship with the entrepreneur’s infrastructure. The technology’s procedures have been deliberated in a way that will minimize disruption of daily operations of the responsible individual. The technology also has cell-level audit trails. The technology’s software remotely monitors the files in the corporate file shares as well as in the share point document libraries (Moeller, 2010). The technology is also capable of keeping the revision history of all the responsible individual’s files. This is of great advantage to the entrepreneur since they are given an opportunity of comparing any two versions as well as restoring the prior versions. Another major capability of the audit and control security technology is that it has automated internal controls. It offers the owner of the technology to automate the key controls for the cell level auditing, change control, version control, duties’ segregation, data integrity, security and reporting. This means that the technology has a wide range of flexibility the owner can change it suit his or her specifications. It also offers an improved level of efficiency. The other capability is the technology’s web-based interface. The administrative user interface of the audit and control technology resembles the SharePoint server interface and hence easily understandable (Linux-- security, audit and control features, 2005). It is easy for a person to argue that the cost of installing a data control technology is high. However, more funds end up into waste when trying to recover stolen or damaged data. As it was once said prevention is better than cure, it is better incurring the prevention cost which is much lower than the cost one would incur in the attempts of recovering the lost data. The audit and control technology is a relatively cheap technology costing approximately 100 USD per user. The companies are, however, required to purchase hardware for it which is about 1000 USD for every 10 users. Access and identity management can be of great help but it is worth around 100,000 to 200,000 USD to deploy. It also requires an annual fee of 35000 USD necessary for support as well as maintenance (Gallegos et al., 2004). Most of the costs represent the upfront expenditures. The infographic shows, however, are minimal when compared to the security breach costs. The maintenance of the technology is relatively cheap and easy. The user is expected to pay a fee of up to 30, 000 USD as the maintenance fee. The audit and control technology’s management will thereby maintain the technology for the user. This will be of great help to the user in that no complications are likely to feature in the operations of the technology. In case of the technology’s breakdown, the technology’s technical department will fix for the customer without demanding any extra coin. This means that the breakdown cost is inclusive in the maintenance package. In case the technology needs to be updated the management of the technology will furnish their customers with the necessities at no extra cost (Moeller, 2010). This means that the technology is easily manageable. In terms of flexibility, the technology is awesome. The flexibility of the technology can easily be judged by considering three main features namely modularity, consistency and change acceptance. The modularity aspect entails the fact that the technology is capable of supporting a greater number of modifications and arrangements. It is also the degree of a formal design separation in the technology application. The audit and control technology provides manageable units or hardware that can be easily modified as changes in business processes erupt. It also offers an opportunity of creating as well as destroying modules. This aspect makes this technology very flexible since it is modifiable to suit any business structure hence suitable for offering bank’s solutions (Gallegos et al., 2004). Change acceptance is another aspect incorporated in the technology’s flexibility aspect. As people have varying amounts of capabilities of accepting change or coping with change, technologies are written with varying amounts of built in flexibility and restrictiveness. The restrictiveness or flexibility may be either intentionally or unintentionally a technology design’s part (Parker & Graham, 2008). The audit and control technology is, however flexible since some features such as objects’ library and reusable codes possess a positive impact on the change acceptance. However, some crucial aspects and details are restricted for the security of the technology. Consistency is the final aspect encompassed in technology’s flexibility. This entails the ability of components and data to be integrated in as well as offering a number of solutions reveals a great ability of adapting to change hence flexible. The audit and control technology’s data as well as components can be easily integrated consistently across the application of the technology. This in return makes the technology very flexible (Umar, 2004). In terms of implementation, the audit and control technology is very feasible. Feasibility refers to the degree or state of being conveniently or easily done. The technology is compatible with all the operating systems in operation today. This makes it easy to install and hence suits all the potential users. It can be incorporated, ran and manned through the mobile devices hence a feasible technology in the entire process of its implementation. The technology has its own advantages as well as disadvantages. One of the advantages is that it has great audit efficiency, increased confidentiality, reduced staff travel and complete objectivities. These are adorable aspects that every person would not mind to enjoy. The technology also preserves the records of all the transactions that happen in the company where it operates. The other pro of the technology is that whenever the system gets infected with a Trojan or a virus, or a file gets corrupted or mutilated and the problem goes unnoticed until later, recovering of the latest clean file of the file that was affected is possible (IT Governance Institute, 2004). The aspect of the technology offering data recovery in just few seconds offers another advantage of making use of this technology. The other advantage is that installing the hardware and programming is simple and straightforward and it does not put the data in existence at a risk. The other advantage that suits the bank solutions is that it is easy to monitor the entire process and operations of all the branches of banks from one particular place. The technology’s cons on the other hand are that the technology needs propriety hardware that adds complexity and cost. When data has been corrupted, the process of restoring this data might be contingent on file size and network speed while the restoration process can be time consuming. The local disc of the technology is updated only after the replicated data has been committed or written to the target disc as well as the corresponding acknowledgement is sent back to the server who produced it. The barriers to the implementation of this technology is that it is only in English mode and hence people who does not use English might be locked out from making use of this technology. It also requires stable networks to perform effectively and thus the companies that do not have stable networks might not benefit fully from the technology (Umar, 2004). Some American firms such as four licensing corporation have adopted this technology thus forming the technology’s first adopters. Conclusion The audit and control technology is a great technology that can offer a solution to data protection which has become a critical issue in the digital world. In terms of its capabilities it is worth considering since its aspects cut across essential matters of data security such as determination of data tolerance. The technology is also cost friendly especially because one the user pays the maintenance fee the rest all the aspects are catered by the management of the technology with extra cash. It is also very flexible and it is feasible in its implementation. All these aspects makes the technology effective and advantageous for its implementation. References Gallegos, F., Taylor & Francis., & CRC Press. (2004). Information technology control and audit. Boca Raton, Fla: Auerbach Publications. IT Governance Institute. (2004). OS/390-z/OS security, audit and control features. Rolling Meadows, IL: IT Governance Institute. Linux-- security, audit and control features. (2005). Rolling Meadows, IL: Information Systems Audit and Control Association. New York: Wiley. Moeller, R. R. (2010). IT audit, control, and security. Hoboken, N.J: Wiley. Parker, X. L., & Graham, L. (2008). Information technology audits. Chicago, IL: CCH. Umar, A. (2004). Information security and auditing in the digital age: A practical and managerial perspective. San Francisco: NGE Solutions, Inc. Read More