ABSTRACT
Data security is often considered to be the area of ensuring that only correctly authorised people are allowed to read, update, or delete particular data items. Security is really a sub-set of control and control itself is something that is used to help ensure data integrity. Controls are sometimes considered to be a wasteful overhead which inhibit the efficient and economical operation of the system, but a moments reflection will show that they are an essential requirement if effectiveness is to be achieved. Responsibility for controls internal to the computer system usually resides with the Information Technology department, while the external clerical and administration controls are the responsibility of the user(s). There are six main types of control applicable to computer systems: prevention; detection; correction; continuity; contingency; and change. The level of control which will be applied to different data items will, to a large extent, be determined by whether they are classified as being either standing or transaction data.
