DXC.technology Services
Information system control involves applying security parameters to an information system. Technological innovation has brought many benefits, but it is important to note that, without the required security controls, an information system can be detrimental to an organization (Kumar, Prasad & Samikannu, 2018). The main aim of this report is to evaluate the information system controls that DXC.technology implements to make its service delivery to both staff and customers effective. The objectives of the report are to analyze the security controls that DXC.technology implements to make service delivery secure, and to analyze how organizational application controls differ from management security controls. All security control parameters are meant to make sure that DXC.technology's services to both customers and staff are available when required and reliable enough to offer stable services. Additionally, security controls should provide the required data integrity to all users, provide data privacy mechanisms, and give both the service provider and its customers the required security for organizational data (Wang et al., 2017). In addition to the security controls provided by the company, auditing is addressed as one of the mechanisms an organization can use to enforce data integrity. Auditing can be used to evaluate the data control parameters an organization has put in place, helping that organization arrive at the desired information control parameters.
This is an organization that offers services such as data analysis and application services to other companies. Many organizations require data analysis in order to determine possible causes of security lapses. Additionally, an organization may require a security evaluation of the applications that support its business operations (Wang et al., 2017). DXC.technology has invested heavily in data analytics and application evaluation because many organizations lack the capability to employ the required internal expertise. To facilitate advanced data and business application analysis, DXC.technology has developed and implemented security parameters that can be used to analyze the required business operations. Besides data analysis, the organization offers system security to other firms. The security services offered by the company have made it a giant security service provider across the globe. Other organizations outsource security advice as well as experts from DXC.technology. With the current wave of system security lapses, organizations have been implementing information system security controls with the help of DXC.technology. Its system security implementation is incorporated into cloud computing when its customers decide to offer cloud services (Greene & Master, 2018). Finally, the organization serves as a consultancy hub. Many organizations have been outsourcing services such as cloud-based operations, data analysis and security applications.
These are information system policies that clearly stipulate the general operation of many applications. These policies are meant only to facilitate the effective operation of any information system. They apply across business operations, from mainframes to servers and all end-user environments (Simpson, 2018). DXC.technology offers general controls in areas such as network operations and data centers. Since DXC offers hosting and cloud services as well as advice to customers on data centers, the general controls are quite dynamic in order to support various clients. Similarly, general system controls are used in cases of secure system access from within the organization and from the cloud. Cloud hosting has become the norm in business because of its availability and flexibility (Evers et al., 2017). To make the system available to all target users, general controls are set without exposing the system to vulnerabilities. Moreover, with modern technology, an organization's operational data has become a very important asset that determines the future of business operations. Irrespective of how the data is hosted, adequate data security is required to limit and control unauthorized access. In cases of internal data hosting and network privileges, proper authorization for data, program files and network segments is very important because it provides the required security. It is important to note that, without proper organizational policies, it is very difficult to categorize and enforce information system security in an organization (Jianhong & Hua, 2010). DXC.technology has clearly defined rules on the roles performed by various system users such as programmers, system administrators and general application users. Lastly, general controls are quite important, and DXC.technology advocates frequent review in order to align business operations with current security parameters.
General Management Controls (GMCs)
These are controls that are specific to individual software applications and interrelated transactions. With application controls, the organization entrusts authorization to one of its employees so that some transactions can be carried out. To enforce system-level controls, it is important that the application has the required security functionality (Greene & Master, 2018). Application-level controls at DXC.technology are mainly classified as follows. Input controls are used to control the nature of the data entered into the system by general users; they are mainly used to enforce data integrity as well as privacy. Next, processing controls are used by the organization to determine the output that is received by specific system users. Different system users should get different output from the system, guided by the privileges assigned to each user. Finally, output controls are used to determine the accuracy of the results from the system. All these types of controls are put in place during system development. Organizations put more emphasis on application controls because they are used to generate revenue for the organization. All authorization granted on the application should be made by the appropriate level of management in the organization (Wang et al., 2017). Besides the system access controls available to enforce data integrity, even the team with special application access should be reviewed frequently to avoid the system being compromised by trusted employees. To make system functionality more secure and transparent, application-level controls are very important and should be enforced and reviewed regularly. It is possible to deduce that application-level controls are mainly used to control the operation of the business and affect business operations greatly.
General management controls are procedures made to apply to all types of information system. They can affect the organization either internally or externally. Since they are applicable to all systems, it is important to make sure that no general control is open to system manipulation (Kumar, Prasad & Samikannu, 2018). General controls are mainly meant to enforce system security from outside the organization and to manage the processing power of the system, which is controlled by assigning a specific number of sessions to the system. Where the number of sessions would exceed the set maximum, the system creates no more sessions. In contrast, application controls are procedures that can be perceived as concerning the internal operations of the company. They are specifically meant for an individual application, depending on the required functionality (Ehatisham-ul-Haq et al., 2018). Each application should be developed uniquely to meet specific business operations. Application controls are grouped into three categories in order to manage their operation.
DXC.technology has adopted various methodologies to manage and mitigate risks to its operations and to its customers. System reliability is an important aspect that an organization such as DXC.technology cannot overlook, given the nature of the services it offers. To minimize system unreliability, DXC.technology has adopted a replication strategy (Frey, 2018). Replication of the system makes it available for use at any time. The company runs standby power backups in its data centers as well as a stable internet connection. Under replication, DXC has two data centers running the same version of the data and located in different places. In addition to running on its own servers, it has implemented cloud servers to make sure its services are available all the time. Besides replication, DXC.technology has implemented server virtualization, which minimizes service disruption when one server breaks down unexpectedly (Austin, 2018). On confidentiality, every organization strives to keep its operations confidential in order to avoid competition. To keep its operations free from intrusion, the company has formulated strict rules that govern the nature of operation in every business section. Since DXC offers a wide array of services, only a few samples, such as cloud hosting and system security, are handled here. To make its operation more robust, the organization formed an evaluation department, which determines the nature of each service (Subramanian & Jeyaraj, 2018). Sensitive services should be hosted internally unless stipulated otherwise by the client. Whatever the client's preference, the company advises the client before the chosen option is adopted. All possible threats should be analyzed to determine the likelihood and threshold of an attack if it occurs. According to Waz, Sobh & Eldin (2017), a system security evaluation has to be done to analyze the impact on data in cases of unauthorized access.
Application Controls (ACs)
Data integrity makes sure data is consistent and can be used for sound decision making with minimal errors, if any. To make sure data is consistent, the organization enforces measures such as data validation on entry (Jianhong & Hua, 2010). It implements this itself and advises customers to make sure their system validation is done correctly at both the interface level and the database level. This makes sure every piece of data is correct and meets all given requirements. Further, system security is a fundamental concept that must be implemented at all costs. To mitigate system risks, DXC.technology has developed a security framework that defines a clear process for low- and higher-level system risks (Austin, 2018). These policies are to be enforced by all organizational employees as well as clients. The measures include using organizational computers only for business purposes, restricting online communication to workplace email only, and allowing data access only by authorized employees.
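The two validation layers mentioned above (interface level and database level) can be sketched as follows. This is an added example, not code from DXC.technology or from the original report; the `customer` table, its fields and the function names are hypothetical, and the sample records are constructed.

```python
import re
import sqlite3

# Hypothetical schema: NOT NULL / UNIQUE / CHECK are the database-level controls.
SCHEMA = """
CREATE TABLE customer (
    id      INTEGER PRIMARY KEY,
    email   TEXT NOT NULL UNIQUE CHECK (email LIKE '_%@_%._%'),
    age     INTEGER NOT NULL CHECK (age BETWEEN 18 AND 120),
    country TEXT NOT NULL CHECK (length(country) = 2)
);
"""
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")

def validate_form(record):
    """Interface-level control: return the list of invalid fields (empty = accept)."""
    errors = []
    if not isinstance(record.get("email"), str) or not EMAIL_RE.fullmatch(record["email"]):
        errors.append("email")
    age = record.get("age")
    if isinstance(age, bool) or not isinstance(age, int) or not 18 <= age <= 120:
        errors.append("age")
    country = record.get("country")
    if not isinstance(country, str) or not re.fullmatch(r"[A-Z]{2}", country):
        errors.append("country")
    return errors

def insert(db, record):
    """Database-level control: parameterized insert; constraints reject bad rows."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO customer (email, age, country) "
                       "VALUES (:email, :age, :country)", record)
        return "stored"
    except sqlite3.IntegrityError as exc:
        return f"rejected by database: {exc}"

def submit(db, record):
    """Normal path: interface check first; the database check always runs on insert."""
    errors = validate_form(record)
    return f"rejected by interface: {errors}" if errors else insert(db, record)

def demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    good = {"email": "a.user@example.com", "age": 34, "country": "KE"}  # constructed
    bad = {"email": "not-an-email", "age": 7, "country": "Kenya"}       # constructed
    return [submit(db, good), submit(db, bad),   # accepted; stopped at the interface
            insert(db, bad), insert(db, good)]   # interface bypassed; duplicate email
```

The last two calls show why the database layer is needed even when the form validates: a write path that skips the interface (a bulk import, for instance) is still refused, and only the database can detect a duplicate of a row that already exists.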
Risk identification is one of the more challenging information system security measures. Since DXC.technology is an IT edge company, it has developed and outsourced advanced tools for use in service delivery (Alali & Yeh, 2012). With regard to penetration of the organizational network, the network has to be configured so that all new devices undergo several tests and authentication before connecting to it. Similarly, all incoming signals are diverted to specific servers before accessing the required data. Risk assessment is done in terms of severity, which depends on the financial implication for the firm. Risk assessment has to be done by a system security expert in the presence of higher-level management (Nather, 2018). Once risks have been identified and the relevant assessment done, the control methodology should be followed carefully. Risk control has to be done using the appropriate tools, experts and policies.
An information system audit is a crucial part of business operation because it evaluates whether organizational IT systems are secure and whether a mitigation strategy is available in case of any risk (Mohammed, Far & Naugler, 2014). Information system audits are used by top-level management to evaluate the security measures that an organization should implement to be more secure and to keep pace with technological advancements. Next, an information system audit has to be done to determine system compliance with organizational objectives. This makes sure the organization does not implement system measures that do not comply with international standards (Wiley, 2017). Finally, it is used to evaluate whether employees and other system users have been enforcing system operational requirements.
Conclusion and recommendations
DXC.technology is a service organization that offers IT solutions to its clients. Its services include data analysis, cloud hosting, system security implementation and advice to its customers. Information system controls can be either general or application controls, depending on the level at which a specific organization applies them. General controls are applied to all systems, while application controls are specific to an individual application. Additionally, risk management techniques are available to help an organization secure its operations. They include replicating services, having standby power source alternatives and implementing security measures that guarantee the security of the data and the availability of the services offered by DXC.technology. Finally, system audit is of great importance because it acts as a complementary tool that ensures data integrity is maintained. It is highly recommended that firms and IT service companies be careful when rolling out new IT strategies in business operations.
References
Alali, F. A., & Yeh, C. L. (2012). Cloud computing: Overview and risk analysis. Journal of Information Systems, 26(2), 13-33.
Austin, G. (2018). Corporate Cybersecurity. In Cybersecurity in China (pp. 65-79). Springer, Cham.
Austin, G. (2018). Governmental Cybersecurity. In Cybersecurity in China (pp. 95-116). Springer, Cham.
Ehatisham-ul-Haq, M., Azam, M. A., Naeem, U., Amin, Y., & Loo, J. (2018). Continuous authentication of smartphone users based on activity pattern recognition using passive mobile sensing. Journal of Network and Computer Applications, 109, 24-35.
Evers, K., Oram, R., El-Tawab, S., Heydari, M. H., & Park, B. B. (2017). Security measurement on a cloud-based cyber-physical system used for Intelligent Transportation. In Vehicular Electronics and Safety (ICVES), 2017 IEEE International Conference on (pp. 97-102). IEEE.
Frey, S. (2018). How to Eliminate the Prevailing Ignorance and Complacency Around Cybersecurity. In Cybersecurity Best Practices (pp. 1-10). Springer Vieweg, Wiesbaden.
Greene, M., & Master, Z. (2018). Ethical Issues of Using CRISPR Technologies for Research on Military Enhancement. Journal of bioethical inquiry, 1-9.
Jianhong, Z., & Hua, C. (2010). Secuirty storage in the Cloud Computing: A RSA-based assumption data integrity check without original data. In Educational and Information Technology (ICEIT), 2010 International Conference on (Vol. 2, pp. V2-143). IEEE.
Kumar, V. S., Prasad, J., & Samikannu, R. (2018). A critical review of cyber security and cyber terrorism–threats to critical infrastructure in the energy sector. International Journal of Critical Infrastructures, 14(2), 101-119.
Mohammed, E. A., Far, B. H., & Naugler, C. (2014). Applications of the MapReduce programming framework to clinical big data analysis: current landscape and future trends. BioData mining, 7(1), 22.
Nather, S. (2018). Improving Information Security Through Risk Management and Enterprise Architecture Integration. In ICCWS 2018 13th International Conference on Cyber Warfare and Security (p. 420). Academic Conferences and publishing limited.
Simpson, J. (2018). Emergency Services Systems Reliance on Wireless Telecommunications and the Potential for a Cyberattack (Doctoral dissertation, Utica College).
Subramanian, N., & Jeyaraj, A. (2018). Recent security challenges in cloud computing. Computers & Electrical Engineering, 71, 28-42.
Wang, Y., Jia, X., Jin, Q., & Ma, J. (2017). Mobile crowdsourcing: framework, challenges, and solutions. Concurrency and Computation: Practice and experience, 29(3), e3789.
Waz, I. R., Sobh, M. A., & Bahaa-Eldin, A. M. (2017). Internet of Things (IoT) security platforms. In Computer Engineering and Systems (ICCES), 2017 12th International Conference on (pp. 500-507). IEEE.
Wiley. (2017). Wiley CIAexcel Exam Review 2018: Internal Audit Knowledge Elements. s.l.: John Wiley.