A computer system is at risk of been accessed illegally and data that is held there within put at risk.
Given the sensitive nature of accounting data, the finance director has asked for an audit report detailing the security status of the system. Data will be input in the computers from workstations, and there is risk of unauthorized access to this data at this point. Data from satellite stations will be transmitted through the internet, and there is the risk of this data getting accessed by unauthorized individuals either remotely or otherwise. The finance director has specifically asked for a description of the general controls that can be exercised to avert unauthorized access to the computer system from remote workstations. These may be the remote workstations of the company's staff or the remote workstation of a computer hacker. The director also asked for procedures that can be applied to avert unauthorized access to the computer through the service provider. Controls to be employed in the purchases and payroll systems over retrieval of information, input of transaction data and updating of standing data files has also been requested.
It has been noted that a large number of unauthorized access to a company's computer system is from within, rather than from without (Wilkinson: 2009). What this means is that there are some members of the staff who are errant enough to access the computers of their employer without the relevant authorization. The reasons why they do this are varied. Some are interested in sabotaging the activities of the company while others are just curious about the contents of the computer. There are several procedures that have been developed that ensure that this does not happen.
Use of Password and User ID Control
Password is the most common form of control that is used to ensure that there is no unauthorized access to a computer and the computer system (Nikoltos: 2008). In this case, every user of the computer or system is given an identity, or ID. The ID might be his name or other such identifications. He accesses the system by using that ID, since it is the name that the system knows him with. A password is then given to each and every of these ids. The user is supposed to provide the computer with his identity and the accompanying password for him to be allowed access to the system. Every password is specific to a particular ID. A wrong combination of the two will not allow the user to gain access to the system (Nikoltos: 2008).
When there is more than one user with identical names and information, a special ID called the User Specific ID is used (Marie: 2007). Windows will utilize Security ID or SID for each and every of those accounts (Marie: 2007). The best thing about this ID is that it is a very unique key. When a user is creating an account, the security identity is generated, giving all his details (Wilkinson: 2009).
Passwords and user IDs have some strength that makes them effective in dealing with a remote unauthorized access. For starters, the computer system is set such that there is no access that can be permitted if the correct combination between ID and password is not made (Wilkinson: 2009). This makes it possible for the computer system to alert the administrator when an unauthorized access had been attempted. It is also very hard for a password to be replicated. The user can create a very