- 10 Marks
Question
Computer systems are increasingly being exposed to security risks which threaten the security and integrity of the systems and data storage. The good news, however, is that these risks can be greatly minimised through a variety of controls which provide network and communication security.
Required: Explain FIVE (5) controls which could be adopted by an organisation to provide security for its computer systems and data stored.
Answer
Controls to Minimize Risks to Computer Systems and Data
i) Authentication – This is the process which enables the computer system to confirm that the person trying to gain access to the system has the authority to do so, by requesting some specific information before the system opens up.
ii) Encryption – Encryption is used to reduce the risk of data transmitted across communication links being intercepted or read by unauthorized persons. It involves scrambling the data at one end of the line, transmitting the scrambled data and unscrambling it at the receiver’s end of the line so that a person who intercepts the scrambled data cannot make any meaning out of it.
iii) Regular audit – The organization must conduct periodic information system audits on its database management system to ascertain whether there has been any attempted intrusion.
iv) Intrusion detection system – This software monitors systems and network resources and promptly alerts the company’s network security staff when it senses a possible intrusion so that preventive measures are put in place.
v) Anti-virus software – It searches the system for viruses and removes them. Anti-virus programmes include an auto-update feature which downloads profiles of new viruses, enabling them to check for all existing or known viruses.
vi) A Firewall – External email links can be protected by way of a firewall that may be configured to virus-check all messages, and may also prevent files of a certain type being sent via email. A firewall disables part of the telecoms technology to prevent unauthorized entry.
vii) Restrictions – The organization can also restrict physical access by some persons to its servers and mainframe computers in order to check crime.
- Tags: Cybersecurity, Data protection, Information security, Network Security, Risk Management
- Level: Level 1
- Uploader: Theophilus