14.1 Microcomputer Security


In previous lectures, we have discussed the security of computer systems that are part of and connected together through a network (LAN, WAN, Internet, etc.).
In this lecture, the focus is not on the security of the network and the computer systems in it; rather, the security of the microcomputer itself (PC or workstation) is considered.
Microcomputers require controls and procedures to achieve the desired security.
These controls are described below.

Informal Controls

Informal controls are mainly related to the involvement and participation of the management/supervision staff in the day-to-day work of the organization and its staff.
The management and supervision staff need to be familiar with all aspects of data processing and any activities and operations that take place on an employee’s individual microcomputer.
Physical supervision and monitoring can play a big part in enforcing microcomputer security.
One example of supervision and monitoring is requiring employees to gain authorization or consent from a member of management/supervisor before carrying out a transaction or operation.
Another is observing and keeping track of the operations taking place and identifying any unusual operations that occur.

In addition, before any supervision and monitoring of staff and microcomputers takes place, management has to be fully integrated into the processes of hiring and training staff, as well as being involved in putting together the staff’s duties and job descriptions.
This has proven to be vital in microcomputer security as the employment of suitable and capable staff results in less misuse and improper conduct in relation to microcomputers.

Audit Trail Controls

An audit trail is a saved record of the operations/processes that are carried out on a microcomputer.
The trail acts as evidence that clearly shows which operations were carried out, when they were carried out, and who carried them out.
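
The following is an added example, not part of the original lecture: a minimal audit trail that records who carried out which operation and when. It goes one step beyond the text by chaining each record to the previous one with a hash, so that a later edit to a saved record can be detected when the trail is used as evidence. All function names, users, operations and timestamps are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain


def _digest(entry):
    # Hash the who/what/when fields together with the previous entry's hash.
    body = {k: entry[k] for k in ("user", "operation", "timestamp", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(trail, user, operation, timestamp):
    """Append one record of who did what and when; returns the new entry."""
    prev = trail[-1]["hash"] if trail else GENESIS
    entry = {"user": user, "operation": operation,
             "timestamp": timestamp, "prev": prev}
    entry["hash"] = _digest(entry)
    trail.append(entry)
    return entry


def verify_trail(trail):
    """Return the index of the first altered or out-of-place entry, or None."""
    prev = GENESIS
    for i, entry in enumerate(trail):
        if entry["prev"] != prev or entry["hash"] != _digest(entry):
            return i
        prev = entry["hash"]
    return None


def build_sample_trail():
    # Constructed sample operations, not taken from the lecture.
    trail = []
    append_entry(trail, "alice", "open ledger.xls", "2024-03-01T09:00:00")
    append_entry(trail, "bob", "post payment 1042", "2024-03-01T09:05:12")
    append_entry(trail, "alice", "print report", "2024-03-01T09:30:45")
    return trail


if __name__ == "__main__":
    trail = build_sample_trail()
    print("intact trail:", verify_trail(trail))
    trail[1]["user"] = "carol"  # simulate someone editing the record afterwards
    print("after edit, first bad entry:", verify_trail(trail))
```

The chain only detects changes made to or between existing records. Someone who can rewrite the whole file can recompute every hash, so the most recent hash should also be kept somewhere the microcomputer's user cannot modify.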

Backup and Recovery Controls

Backups and recovery procedures have to be carried out for both the hardware and software components of the microcomputer.
Hardware backups are carried out using another microcomputer, either on the same premises or in a different location, which is more advisable.

Both microcomputers have to be running at the same time and connected in real time.
If or when the microcomputer that is being used in the organization suddenly shuts down or malfunctions, the other microcomputer that is performing the backup is triggered into action and continues the operations/transactions that were being carried out on the original microcomputer.
Similar to hardware, software also needs to be backed up.
This is done by backing up the software that is on the microcomputer.
In essence, backing up software means making another copy of it in case the original software becomes unusable or is damaged.
Also, the backups should be placed off premises to minimize the chances of both the original and backup software being damaged.
However, organizations have to be careful, as making multiple copies of software is illegal, and they have to obtain permission or a license from the software owner/provider before carrying out any backups.

Programming Controls

The programming of the software that is used on the microcomputers has to be assessed and controlled to make sure the software is programmed correctly and appropriately to suit the needs of the user.
Testing the reliability of the programming will reduce inaccurate inputs and outputs being produced by the software; in other words, it decreases the chance of an error occurring.