Security of Accounting Information Systems

Security of accounting information systems:

"The concept of security applies to all types of information and refers to the protection of valuable
assets and their safeguard against loss and damage." It should be clarified that in this definition the
IFAC refers to the information recorded, processed, stored and transmitted by electronic means as
"valuable assets", emphasizing the importance that the protection of the data they handle
represents for the accounting area.

The concept of security in computerized accounting systems applies to all types of information and
refers to the protection of valuable assets and their safeguard against loss, damage and disclosures
made by and for persons not authorized to access them.

The importance of security in computer accounting systems

Information security has become one of the most important issues in most organizations, since their
survival and success depend, to a large extent, on the confidentiality, accuracy, integrity and
availability of the data they manage. Recent surveys show that computer system security is ranked
at the highest levels among critical success factors in most organizations." (Abu-Musa, 2002).
International organizations have turned their attention to the issue because of the importance that
information has in commerce today, not only locally but globally. The Organization for Economic
Cooperation and Development (OECD), in several studies it has carried out, confirms the growing
attention that organizations worldwide are giving to good information management.

Objective of the security of computerized accounting systems


The International Federation of Accountants (IFAC) has established the following as the main
objective of computer security: "The protection of the interests that refer to the possession of
information and its communication from any damage generated by the loss of availability,
confidentiality or integrity thereof." According to the International Federation of Accountants,
organizations achieve security objectives when:

a. The information system is available at the time it is needed (availability).
b. Data and information are revealed only to those people who have the right to know them
(confidentiality).
c. Data and information are protected against unauthorized modifications (integrity).

"However, the relative priority and significance of the concepts of
availability, confidentiality and integrity vary according to the data that the computer system handles
and the business context in which they are used." (IFAC, 1998).

Next we will analyze the main components of Physical Security and Data Security as the two main
areas of the computer security system.

Components of Physical Security and Data Security (Figure 1)

Figure 1 represents the main components of physical and data security that an organization must
have; below we refer to each of its elements.

1. Physical Security: The security of information systems involves the protection of the information
as well as the computer systems used to record, process and store the information. Also
involved in this section is the security of additional necessary equipment and of the people
designated to handle the information.

1. Equipment: Organizations' equipment must be properly protected from physical factors that
could damage it or reduce its work capacity. Equipment must be protected from damage
caused by fire, excess humidity, theft and sabotage. The equipment, physically, is not limited to just
computers and their peripherals, but also includes calculators, external data storage systems such as
floppy disks, CDs, etc., cabling systems, and routers.
2. Personnel: The safety of personnel can be approached from two points of view: the safety of
personnel when working with computer systems, which must be in optimal condition so that
they do not cause harm to people, and the security of computer systems with regard to their misuse
by employees. Both points of view must be considered when designing a security system.

2. Data security: Data is the heart of computer systems and must therefore be carefully protected
and managed. As we saw in previous sections, the protection of its integrity, availability
and confidentiality must be the main objective of any computer security system.

1. Confidentiality: The confidentiality of computer systems basically refers to the accessibility of
information; levels of accessibility must be established that maintain coherent relationships
between the user, their role in the organization and the degree of depth they can reach
when viewing information.
2. Integrity: The concept of integrity refers to the protection of data from modifications and/or
alterations. Only authorized persons may make changes to the stored data.
3. Availability: This can be defined as the access to information that authorized people have at
the time of need. If the information that personnel require to perform a job is not available, then
that job cannot be performed or at least its completion will be delayed.
4. Validity: Data is valid when it accurately, precisely and completely reflects the information it
transmits. This concept is closely linked to that of integrity; if the integrity of a data item is violated
then its validity will also be violated.
5. Authenticity: This concept relates to the fraudulent modification of information. For example, a
transaction may be entered into a computerized accounting system by a person not authorized
to do so; the data entered may meet the validity requirement but not that of authenticity, since it
was not entered by the authorized person.
6. Privacy: "Normally the concepts of privacy, confidentiality and security are confused. Privacy
refers to the particular and personal concept of the use of information. Confidentiality is a
particular classification of the degree of data exposure. Security refers to the level of risk
regarding the use of information." (Abu-Musa, 2002)
7. Accuracy: This concept refers to the maintenance of a legitimate relationship between what data
is and what it represents. For example, a piece of information that represents the amount of
loans must exactly represent the amount lent; it cannot be greater or less, and it must be the one
that faithfully represents reality.
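
The distinction drawn above between validity, integrity and authenticity can be made concrete with a small check on a ledger entry. This is an added example, not part of the original document: the user names, keys, account names and function names are assumptions, and HMAC-SHA256 is one possible mechanism chosen here for tying an entry to an authorized user.

```python
import hashlib
import hmac
import json
from decimal import Decimal

# Constructed sample keys: users authorized to post entries (assumption).
AUTHORIZED_KEYS = {"alice": b"constructed-demo-key-alice"}


def sign(entry, key):
    """HMAC-SHA256 over a deterministic serialization of the whole entry."""
    data = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def make_entry(user, amount):
    """Constructed sample: a balanced two-line loan disbursement."""
    return {"user": user, "lines": [
        {"account": "loans-receivable", "debit": amount, "credit": "0"},
        {"account": "cash", "debit": "0", "credit": amount}]}


def is_valid(entry):
    """Validity: the entry is complete and its debits equal its credits."""
    try:
        debit_total = sum(Decimal(l["debit"]) for l in entry["lines"])
        credit_total = sum(Decimal(l["credit"]) for l in entry["lines"])
    except (KeyError, TypeError, ArithmeticError):
        return False
    return bool(entry.get("user")) and debit_total == credit_total and debit_total > 0


def is_authentic(entry, tag):
    """Authenticity and integrity: the tag verifies under an authorized key."""
    key = AUTHORIZED_KEYS.get(entry.get("user"))
    if key is None:
        return False  # poster is not an authorized user
    return hmac.compare_digest(sign(entry, key), tag)


def classify(entry, tag):
    return {"valid": is_valid(entry), "authentic": is_authentic(entry, tag)}


if __name__ == "__main__":
    entry = make_entry("alice", "500.00")
    tag = sign(entry, AUTHORIZED_KEYS["alice"])
    print(classify(entry, tag))
    print(classify(make_entry("alice", "900.00"), tag))  # altered after signing
```

An entry that is balanced and complete still fails the authenticity check when it was posted by someone outside the authorized set or changed after it was signed, which is the case item 5 describes.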
