
3.5 Computer-Based Fraud
Computer-based fraud is another threat, carried out by people inside an organization who modify processing data and routine data entry. It is one of the major threats affecting many companies and also a basic threat used to defraud an organization of its information.

3.6 Viruses, Worms and Trojans


Viruses, worms and Trojans are common external security threats used by outsiders to steal information from the organization they target. Their function is not only to steal data and information but also to replicate themselves across the system and network, erode system functionality, and corrupt and damage system data. These viruses, worms and Trojans are usually sent via e-mail attachments.

3.7 Hackers
Hackers are usually highly skilled people who penetrate an organization's information system and pose an information security threat. A hacker is defined as someone who illegally breaks into a computer system and network and illegally accesses information that is kept confidential. A successful penetration of the information system and network by hackers may cause a major problem because they can manipulate, steal, delete and damage the data. Hackers are used to steal an organization's data, and threats are then used against the organization for some purpose or reason.

3.8 Natural Disasters


Natural disasters are unexpected threats that occur naturally and may damage the information kept in an organization, usually the information stored on computers. Examples of natural disasters that may harm information kept in the organization are earthquakes, fires, floods, lightning strikes, etc.

4.0 Components of Information Security


There are three main components of information security: confidentiality, integrity and availability. These three components are the main objectives to achieve within a Human Resource Information System (HRIS), and the HRIS itself consists of another three components, which are hardware, software and communication, as protection mechanisms. Procedures and guidelines on how to use the HRIS should be part of the security policies to ensure that information is protected and secure within the organization.

4.1 Confidentiality
To achieve the goal of confidentiality in information security, the organization must make sure that only an authorized person can access the HRIS, because maintaining the privacy and confidentiality of employees' information is very important to achieving that goal.

4.2 Integrity
To achieve the goal of integrity in information security, the organization must also make sure that only an authorized person is given the authority to make changes and modifications, create new data and delete unimportant data in the HRIS. Besides, the authorized person chosen to keep the system updated must be well trained, so that the employee stores correct and accurate information and keeps the system current.

4.3 Availability
Availability in information security means that authorized users or employees are able to access the HRIS to process the information they need when required. This method usually operates using the password and digital signature of users to grant access.

5.0 Legal Requirements for Information Security


Several laws and regulations have been enacted by governments at various levels to protect and secure information security data. These laws and regulations are mostly enacted in developed countries such as North America and in developed European countries. Some legal requirements for protecting information security data, which are followed in some European countries, are the Personal Information Protection and Electronic Document Act, the Security Breach Notification Law, the Computer Misuse Act 1990, the European Union Data Protection Directive (EUDPD) and the Health Insurance Portability and Accountability Act.

5.1 Personal Information Protection and Electronic Document Act


This act was enacted in Canada for electronic business. Its function is to promote and support electronic business by providing protection for information, mainly personal information that is collected, changed, used and deleted.

5.2 Security Breach Notification Law

This law was enacted in the state of California. It states that all organizations must notify their customers, and also their employees under the employment contract, when unencrypted personal information may be compromised, stolen or lost.

5.3 Computer Misuse Act, 1990


This act was enacted in the United Kingdom specifically for computer crime or misuse of computers, such as hacking and cyber-terrorism, to treat it as a type of criminal offence.

5.4 The European Union Data Protection Directive (EUDPD)


This is a standardized regulation that protects information security data and privacy, which all European Union (EU) members are required to adopt in their national regulations.

5.5 Health Insurance Portability and Accountability Act


This act was basically enacted to protect the health information of individuals. Employers, health care providers and insurance companies are responsible for following the act and protecting that information. Likewise, this act also sets a standard for national electronic health care transactions.
