Security Control in Management Information Systems
Understanding the essential safeguards that protect organisational information assets

SECURITY CONTROL IN MIS
Safeguarding information in Management Information System
Presented by: Bhusan Sahare, Roll no. 35, MBA 1st Sem
Paper: Information System For Managers (MBA-108)
First, what is an MIS?
MIS stands for Management Information System, which is a field that merges information technology with business to help organizations collect, process, and analyze data for better decision-making.

Why is it a target?
This information is a critical asset. It includes financial data, customer lists, and strategic plans. Protecting this asset is essential for business survival and success.
What is Security Control?
Definition: Security control refers to the protective measures, policies, and procedures implemented to safeguard information systems from threats, unauthorised access, and potential damage. These controls ensure the confidentiality, integrity, and availability of critical business information.
Why Security Control Matters
Protect Assets: Safeguards valuable data, hardware, and intellectual property from theft or damage.
Prevent Breaches: Reduces risk of unauthorised access and cyber attacks that could compromise operations.
Ensure Compliance: Meets legal and regulatory requirements for data protection and privacy.
Build Trust: Maintains customer confidence and protects organisational reputation.
Types of Security Control
Security controls are categorised into five main types, each addressing different aspects of information system protection.
01 Storage Security: Protecting data at rest
02 Procedural Security: Policies and protocols
03 Physical Security: Tangible asset protection
04 Telecommunication Security: Network and transmission safety
05 Computer Failure Controls: Business continuity measures
Storage Security Control
Protecting Data at Rest
Storage security focuses on safeguarding information stored in databases, servers, and backup systems.
Encryption: Converting data into coded format to prevent unauthorised reading
Access controls: Restricting who can view or modify stored information
Backup systems: Regular copies stored securely in multiple locations
Data masking: Hiding sensitive information from unauthorised users
Procedural Security Control
Security Policies: Written guidelines defining acceptable use, password requirements, and data handling procedures that all employees must follow.
User Authentication: Verification processes including passwords, biometrics, and multi-factor authentication to confirm user identity.
Training Programmes: Regular education sessions to ensure staff understand security threats and proper response protocols.
Audit Trails: Systematic recording of system activities to track access, detect anomalies, and investigate incidents.
Physical Security Control
Access Control Systems: Biometric scanners, key cards, and security personnel restricting entry to sensitive areas like server rooms.
Environmental Controls: Fire suppression systems, temperature regulation, and humidity control protecting hardware from damage.
Surveillance Systems: CCTV cameras and monitoring equipment providing continuous observation of facilities and equipment.
Telecommunication Security Control
Securing Data in Transit
Telecommunication security protects information as it travels across networks and communication channels.
Firewalls: Barriers filtering incoming and outgoing network traffic
VPNs: Virtual private networks encrypting data during transmission
Intrusion detection: Systems monitoring for suspicious network activity
Secure protocols: HTTPS, SSL/TLS ensuring safe data exchange
Anti-malware: Software detecting and removing malicious programmes
Computer Failure Controls
Preventive Measures: Uninterruptible power supply (UPS), surge protectors, and redundant systems preventing failures before they occur.
Recovery Plans: Disaster recovery procedures and business continuity plans ensuring rapid restoration of operations after system failures.
Backup Strategies: Regular automated backups stored off-site or in cloud systems enabling data restoration when needed.
Key Takeaways
Comprehensive Approach: Effective security requires implementing all five types of controls working together to protect information systems.
Human Factor: Procedural controls and staff training are as crucial as technical measures in maintaining security.
Continuous Process: Security control is ongoing, requiring regular updates, monitoring, and adaptation to emerging threats.
"Security is not a product, but a process of continuous vigilance and improvement."