Many Businesses use IT to manage their accounts, documents and decision-making. It is, therefore important that Access Control be implemented in Organisations to prevent unwanted modification or prying eyes from being able to commit computer crimes, such as the ones outlined in the Computer Misuse Act. Using Access Control can prevent these people and operational staff from being able to modify information that otherwise is not their place to edit. Some common implementations of Access Control could be limiting the information available to a customer about Transaction Processing Systems or Management Information Systems not allowing Managers access to manufacturer prices.
Access Control in Strategic, Tactical and Operational Management
In order to implement these features a common method of maintaining strict control is through a permissions model, where it is outlined to the computer what permissions a login has access to, such that they are able (like a file system) to edit, read or write a file or piece of information. Here are some common examples of Access Control;
- A Supermarket Employee is not able to alter the price of products.
- A Manager is not able to create new users for a MIS (Management Information System).
- A DSS (Decision Support System) is not able to commit to a higher level of privilege without presenting documentation proving that that decision is possible, a good example of this could be a bank requiring an account number to confirm that the account is active before allowing the employee to make changes or a support agent requiring a pin from a customer before being allowed to view the customers details.
The three levels of control is a common (but not de-facto) model for systems management, however often these levels of tasks can become obscured by other factors. These tasks can often be divided up among IT departments in formal organisations, such as ‘Ops’ and ‘Licencing’. The use of Access Control can be used to coordinate effective ICT teamwork on large projects and in other departments, such as accounting.
The Needs of An Organisation
Most organisations have similar information needs, such as retaining a stock quantity, a short description of the product etc. Therefore many organisations can utilise off the shelf systems, examples of these systems could include;
- Supermarket Checkout Software,
- Timekeeping and check in software for managing staff hours,
- Task Management.
- Communication Software.
A lot of businesses; for example in the telecommunications industry, will most likely use Asterisk for managing and delegating calls to staff around the organisation.
Similarly, any company that has a website will most likely have Apache or Nginx to host their website, these are very limited examples but should give you an example of the variety of software available to organisations.
The reasons that companies use these particular systems may vary however, they are relatively low maintenance compared to systems that they would have to develop themselves. Additionally, the cost of these systems can be significantly less as some software can be rented or managed through Saas (Software as a service) systems.
The Variety of Systems Available
Organisations also have different informational needs from sector to sector, for example…
- A Car Manufacturer’s part list.
- A Bank’s Customer Database.
- A Wholesalers Stock Quantity.
These businesses rely on completely different information about their systems. Their goals and objectives as businesses vary.
The Scale of Organisations
Additionally, because systems are so different… when a company undergoes a merger, it may be very disruptive to merge systems, especially ones that are updated very quickly, an example of this could be the askMID database, this system monitors the Insurance status of vehicles on the road in the UK, they claim to have over 10,000 edits an hour, therefore if they needed to merge their database, it would be important that the data was continually updated. It is also likely that the variety of the data available makes spotting mistakes harder to identify, so having a way of logging changes would be vital.
Data itself is valueless, however when provided with context, it becomes valued, a database contains lots of raw information, and therefore it would be extremely hard to interpret anything from it, for example here is a table from a database:
Without context, its information means nothing, it could mean anything. It is abstract, however when combined with some context, it becomes useful and can be useful.
| Andrew has completed his homework||Yes|
|Andrew’s school house color||Blue|
|Andrew’s last test score||5|
|Andrew’s highest test score||100|
|Andrew is real|| No|
Now that we have provided this table with some context, it makes more sense, this is the difference between information and data. Information is data that has been given meaning. Although it is odd to keep data about a fictional Andrew, it is funny to think that within this website, data is stored that will contain Andrew’s table, and only when this page is read will it make sense what the purpose of this information is for.
- Data is anything from numbers and letters to characters or metadata, it may be inputted into a computer through a form or another computer system.
- Information is data with context, it makes sense. It becomes information once you are familiar with what it is referring to.
An ICT System is something that provides information, automation, data or computation to a user. Some examples of an ICT System are:
- A School Website.
- A video rendering server.
- An online picture editor or gif creator.
- A fire alarm system.
- A sprinkler system.
ICT is visible everywhere and can be extremely beneficial to society, you reading this website is the result of hundreds of ICT systems being monitored by individuals called System Administrators or Sysadmin for short. Short of the simple systems that keep the website running, there is also the bigger picture systems, such as the time management servers, update servers for the OS of the website and your own computer, Record and bill systems checking that the server is paid for, Website analysis systems indexing this website on Google and other search engines, Security and Antivirus checking your router for bad traffic and even ISP systems, ensuring that your and this end of the connection is working, and if any of those systems were to fail, catastrophic consequences could occur.