Every day, the companies have hundreds or thousands of business transactions with customers and vendors, and through these transactions, the data gets processed, collected and stored. The data collected and stored from transactions usually contains individual customer’s and vendors private and business information that must be protected and safeguarded by the company’s effective and efficient control systems. Incidents may happen to anyone, and data processed and collected from transaction may intentionally or unintentionally released to an untrusted environment and may cause more damage for the companies; therefore, these data needs to be safely and secure guarded against any data breach and must be controlled by effective and efficient IT
…show more content…
According to Turner and Weickgenannt (2013), there three major control concerns related to databases, and such as: Unauthorized access, adequate backup of the data, and data integrity. To prevent a data breach and exposing sensitive information, the company should develop an automated security system through IT compliance control. It can be done by implementing log-in procedures, password settings in every certain days, server and firewall configurations, biometric controls, security token, intrusion detection in all company’s computers, and vulnerability assessment (Turner & Weickgenannt, 2013). When there is an immediate business transaction occurs, the company should able to identify any external threats by using real-time alert system, if there is a system used by the company. Real-time alert system can help to identify and respond to the threat of a targeted attack and security and sensitive information, and it will a red flag to the management to investigate any suspicious network activities. For example, an employee is browsing through data and customer’s records and trying to sell customer data to the external or third party without any customer’s or companies permission, real –time alert system will give a signal to the management and alert them …show more content…
For example, if a customer is applying for a loan at the bank, the bank has a right to have a full and complete disclosure of the customer’s credit history. Therefore, the company’s IT application control must be used to ensure completeness and accuracy of data in the database because the IT application controls are analyzed by managers to validate data and reports (Turner & Weickgenannt,
According to Turner and Weickgenannt (2013), there three major control concerns related to databases, and such as: Unauthorized access, adequate backup of the data, and data integrity. To prevent a data breach and exposing sensitive information, the company should develop an automated security system through IT compliance control. It can be done by implementing log-in procedures, password settings in every certain days, server and firewall configurations, biometric controls, security token, intrusion detection in all company’s computers, and vulnerability assessment (Turner & Weickgenannt, 2013). When there is an immediate business transaction occurs, the company should able to identify any external threats by using real-time alert system, if there is a system used by the company. Real-time alert system can help to identify and respond to the threat of a targeted attack and security and sensitive information, and it will a red flag to the management to investigate any suspicious network activities. For example, an employee is browsing through data and customer’s records and trying to sell customer data to the external or third party without any customer’s or companies permission, real –time alert system will give a signal to the management and alert them …show more content…
For example, if a customer is applying for a loan at the bank, the bank has a right to have a full and complete disclosure of the customer’s credit history. Therefore, the company’s IT application control must be used to ensure completeness and accuracy of data in the database because the IT application controls are analyzed by managers to validate data and reports (Turner & Weickgenannt,