4. Use risk analysis and management software packages to review computer and
network security measures, detect illegal access, test for weaknesses and
vulnerabilities, report weaknesses found, and suggest improvements.
5. Track purchased software to comply with copyrights and protect against software
piracy lawsuits. Companies should periodically conduct software audits.
Employees should be informed of the consequences of using unlicensed software.
Track and monitor mobile devices, as their loss could represent a substantial
exposure. Also, track who has them, what tasks they perform, the security
features installed, and what software is needed to maintain adequate system and
network security.
6. Have periodic external, internal, and network security audits to assess and
monitor risk as well as detect fraud and errors.
7. Have a chief security officer (CSO), who is independent of the information system
function, be in charge of system security and report to the chief operating officer
(COO) or the CEO. Have a chief compliance officer (CCO), who reports to the
same people, be responsible for all compliance issues.
10. Install fraud detection software to help ferret out fraud, such as illegal credit card
use, and notify forensic investigators when it is found.
11. Use a fraud hotline so people witnessing fraudulent behavior can report it
anonymously.