Question

Disgruntled employees can be a significant source of problems for any company as we indicate in this problem. Andi Boyd is a very accomplished computer programmer, but she had a grudge against the company because she did not get a promotion that she thought she deserved. She decided to take out her anger on the company by coding a special routine in the mortgage loan program that erased a small, random number of accounts on the disk file every time the program was run. The company did not detect this malicious code until nearly half of all of the mortgage records were erased. In your opinion, what controls should the company have implemented to mitigate such a problem.

Answer 1

A few internal controls the company could have adopted that would mitigate such a problem are

-Limit bussiness systems and data access to approprate users

-Adhere to security and privacy policies for email , web browsing and electronic communication.

-Communicate and co ordinate access and secuirty with IT Services

-Train employees in computer access, security and software

-Inform your DSA and system/ data custodians about access rules and security violations.

-Adhere reported and suspected access and security violations

-Determine approval hiearchies and appoint departmental security adminstrator

-Implement security measures to protect access to electronic resources and private information

-Design, document, and test internal processes to ensure security and data integrity.

-Regulate authorized access to resources through security measures such as user IDs and passwords.

-Follow retention schedules and data retention requirements.

-Periodically review information stored in electronic or paper format

-Restrict access of information and systems to people who need the access to perform their jobs.