IT control is "A policy that provides a reasonable assurance that the information technology used by an organization operates as expected, that the data is reliable and the organization is in compliance with applicable laws and regulations." It can be categorized into management controls and application controls.
Insufficient IT control means the organization fails to protect the information asset, which means the organization is more likely to suffer losses from the exploited threats. Log review is one of the IT control practices, it is the process of recording events that happened on the system, e.g. User login and Modification of file content.
Monitoring system activity, it helps to detect any malicious activities that act against the system. For instance, if a company does not establish proper control: fails to create and review logs regularly, it fails to discover the malicious act of the staff: an IT staff tried to turn off / disable the system firewall without specific reason during business operating hours. This act allows all data packets to enter and exit the network unrestrictedly and put the system network at risk.
Order custom essay IT Control For Data Protection with free plagiarism report
Without firewall protection, some malware includes computer viruses; worms and Trojan horses can easily spread across the network connection and infect all the computers that are attached to the local area network. Therefore, data inside the system can be destroyed or stolen. Not only disrupting the business operation, the stolen data (including confidential information like customer banking account details) may also be released to an unauthorized party for conducting financial crimes – cause of data breach.
The company may fine by the information commissioner's office as it violates the data protection rule and exposes customer-sensitive information. We can see that insufficient IT control makes organizations become more vulnerable to outsiders' attacks. Companies will find out that it is more difficult to retain customers due to their bad reputation and competitive disadvantages.
Cite this Page
IT Control For Data Protection. (2018, Apr 25). Retrieved from https://phdessay.com/it-control-for-data-protection/
Run a free check or have your essay done for you