ACCA PM Syllabus A. Management Information Systems and Data Analytics - Security of Highly Confidential Information - Notes 4 / 7
Procedures that may be necessary to ensure security of highly confidential information that is not for external consumption.
Training and Staffing Controls:
Training staff in computer security procedures to foster the right mindset and create a strong security culture.
Implementing authorisation and segregation of duties to ensure appropriate access and prevent unauthorised changes or access to sensitive data.
Physical Access Controls:
Utilising security guards, cameras, time controls, and electronic door locks to prevent unauthorised physical access to computer systems.
Logical Access Controls:
Implementing system passwords, usage logs, and call-back security to safeguard against unauthorised logical access to data and software.
Password Controls:
Establishing strong password policies, including using a combination of alphanumeric characters, regular password changes, avoiding easily guessable passwords, and ensuring different passwords for different system functions.
Hacking Prevention Measures:
Implementing physical and logical security measures, maintaining system logs and audit trails, utilising sentinel programs for monitoring, conducting risk analysis, and employing strong quality control procedures during program development.
Encryption:
Utilising encryption algorithms and keys to protect sensitive data during transmission or storage, preventing unauthorised access.
Software Audit Trail:
Maintaining a record of important data about each transaction for verification purposes, including user and terminal identification, time and date of the transaction, and related transaction details.
Testing Systems Security:
Conducting comprehensive testing of security systems, including physical and logical penetration testing, to ensure their effectiveness and identify potential vulnerabilities.