5. Segregation of duties (Caete, Potolin, Bocboc)

Since most of an organization's information is maintained in a small, central location, compared to the large file rooms associated with the pre-information technology era, those desiring to cause harm to a large amount of information in a short time span now have a convenient means to do so. That's why there should be segregation of duties in the information system department. Information system personnel should have predefined operational limitations, and they should be held accountable for any unauthorized activities outside of those limitations. Furthermore, the knowledge of computer operations held by information technology staff is significantly greater than that of the average user. That knowledge could be used for malicious purposes.

In this case, the company needs to use strong password access controls and have its employees change their passwords frequently, since employees perform quite a lot of highly incompatible tasks. This is vital because they have either designed or viewed authorization access tables. Further, strong controls over program maintenance, such as program modification reports, are required to keep track of the changes made in the system. Employees shouldn't have access to any functions of their previous jobs, to avoid conflicts of interest that will lead to accounting fraud and misappropriation of company assets.
