Security of Management Information System


The company that has adopted the use of an information system in its management has a fundamental right to install or has to take precautions on the security of its information. The information relating to marketing, sales, finance, and human resource management should be secured from access by unauthorized persons since they can use the information of the company to gain a competitive advantage. Therefore the company must initially install good security measures which can reduce the loss of important information to the competitors.

Potential Security Threats

The organization has the possibility of facing very harsh security threats when there are no security controls installed in the information system. The possible threats which the organization can face are loss of information, inaccurate and incomplete processed data, theft of data by competitors, user error, terminal access penetration, alteration of data to suit the interest of certain people and damage of the software installed in the information system. The organization can also face a challenge of hacking where the unauthorized person gets access to the computer network for profit criminal mischief or personal pleasures. Therefore the organization must put in some strategies of reducing these problems.

Types of Security Measures

In the implementation process of the management information system, the types of security which must be installed immediately are physical security, logical security, processing control, and input control security which reduce the unauthorized access to the computer system.

Processing Control

These are sequential procedures which are included in the program being installed to ensure that there is a well done and precise processing of the data that has been entered into the system. This ensures that there is no data loss during the processing and therefore precise and accuracy is achieved. The company has to incorporate limit checks and edit runs within the information system for quality processing of the data. The limit check is to ensure that the arithmetic accuracy and validity is ascertained by the organization for easy management of the organization. Edit run should also be programmed in the information system to control the loss of alphabetical data.

Logical Access Control

The control security is installed at the implementation of the information system to control those who have access to the terminal of the computer. The organization has to install passwords and personal identification number into the system to ensure that the information of the organization is not interfered with by the unauthorized person in the organization. The authorized person must have an asset of characters which are keyed in before gaining access. It is aimed at identifying and assessing the authority of the user.

Input Control

The organization has to install input control security to ensure that there is an accurate and complete conversion from the source document to the input media. The checking must have the capability of identifying the missing data, incorrect digits and the alteration of the entry inputs which can change the meaning of the output. It includes the transaction codes, form design, check digits and control totals.


The organization must ensure that its data is properly protected by the use of security measures to prevent people who are not authorized to gain access. The unauthorized person can steal information of the organization from the database for the purpose of gaining competitive advantage. Important data can also be lost or altered during processing if good checks are not installed into the information system to ensure that the processed and input data are accurate. However, the organization has a role to ensure that their information system has well-established data security to prevent it from facing security threats.