Professional paper
INFORMATION SYSTEM SECURITY IN BUSINESS PRACTICE
Ksenija Klasić
Abstract
The use of information technologies in daily work is steadily increasing. Only ten years ago a relatively small number of employees used a computer in their work, whereas nowadays it is unthinkable that a person without computer skills would find employment. The number of hours spent in active work at the computer is growing, and not only in companies whose business is information. One consequence is that occupational safety experts are increasingly faced with a range of problems arising from the use of computers in business practice, problems which directly or indirectly affect work results.
Each company has its own information system that may or may not be supported by a computer. It may, however, be asserted that information technology has penetrated all pores of business and everyday life, largely as a result of the decentralization of equipment and software. In the process, more often than not, no suitable protection of computers and data has been designed, and the existing regulations applied in centralized computer centers are not regularly updated. The introduction of Internet technology only compounds the insecurity of information systems. The users of an information system or one of its segments are occasionally not even aware of the importance of the data resources in a company, or of the need for and methods of protecting them. Data are the fundamental resource of a company, so damage stemming from their abuse (loss, misuse, etc.) is harmful to the company as a whole. The organization of information system security is therefore an interdisciplinary task involving all employees in a company, with the aim of ensuring the highest possible security while remaining aware that some losses are acceptable and need to be tolerated. For this purpose a variety of documents is used, each relevant to a different aspect of system security; these are by and large introduced only after some compromise of system security has been observed. In practice, the obligation to compile and implement such documents is commonly prescribed by a special set of regulations, with only very few companies introducing a model of information system security that complies with the international ISO/IEC 17799:2000 standard.
Furthermore, the protection of employees who work at the computer on a daily basis must also be regulated in the Safety and Health Regulations in Working with Computers. The Regulations prescribe the requirements that computer equipment must comply with, along with a mandatory risk assessment for workplaces.
Information system security is the responsibility of all employees in a company. Only healthy, happy and suitably trained employees working in satisfactory working conditions may contribute to the improvements in equipment and data security in a business system.
Keywords
information system; information system security; occupational safety; ergonomics; ISO/IEC 17799:2000; Safety and Health Regulations in Working with Computers
Hrčak ID: 11861
Publication date: 1.4.2007.