A Research on the Internal Control for Information Security

3378 Words Jan 28th, 2018 13 Pages
Control is fundamental to achieve organizational goal, and control aligns the aspiration of workforce with their capabilities. On the other hand, internal control for information security is the practice policies, procedures and responsibility structure that assists an organization to manage risks and protects organization information assets. Internal control plays a critical role in the overall effectiveness of information security. Much security breach within an organization often occurs because of lack of proper internal control structure. The United States enacts Sarbanes-Oxley Act in response to the public outcry that there was a lack of internal control assessment within most organizations in the United States. Typically, effective internal control assists an organization to achieve a business integrity, adequate security governance and business continuity. Lack of effective control could lead to a security breach or subversion and could lead to the inability to implement effective control information security system. (Sushma & Gurpreet 2005). Internal control for information security needs to be designed to minimize business risks and maximize return on investment (ROI).…
Open Document