| Abstract |
Abstract
This Research Aimed at Showing The role of information security governance in reducing the risks of electronic accounting information systems in government units.
For Achieving that; This Paper Was Analyzed With the Following Theoretical analysis:
Studying the nature of electronic accounting information systems, the characteristics and stages of work of these systems, the nature of these systems in light of e-government, and the role of e-government in influencing the governmental accounting system and its development mechanisms.
Studying the concept of information security and its elements, as well as the risks of electronic accounting information systems, the reasons for their occurrence and the factors that help to penetrate and classify these risks.
Study and analyze the nature of information security governance, its objectives, components, characteristics, steps for implementation, the advantages it achieves, and its role in reducing the risks of electronic accounting information systems in government units, by studying information security requirements under e-government and the components and obstacles to activating information security governance within it and the role of information security governance standards in reducing these risks.
The Researcher Reached Through The theoretical Study to Some Results, the most important of which are:
1- There are many risks that affect the proper performance of the functions of the government accounting information system in light of rapid technological developments, increasing technical problems, changing environmental events and human weakness. Threats and risks facing information systems stem from both intentional and unintended actions and behaviors that may occur. From internal or external sources, it also ranges between sudden events or secondary events that lead to the failure to achieve the security objectives.
2- The e-government needs to develop an integrated preventive system for administrative control, protect information from tampering, avoid government and citizen bearing political, operational and technological risks, secure the information network, and develop plans to confront the information virus that destroys and destroys programs and disrupts devices from work, and monitors hacking and attacking operations The principle of privacy, forgery of electronic signatures, and assault on intellectual property. The security system of the e-government must include computers and networks and all necessary measures to protect devices and networks.
3- The reasons for the occurrence of the risks of electronic accounting information systems in government units are the lack of training of employees on the use and protection of information systems, their poor selection, the lack of adequate controls and procedures that work to treat and prevent the occurrence of these risks, and the failure to follow up on recent developments in the field of information technology and related crimes out.
4- Technological solutions alone are not sufficient in facing the various risks to which electronic accounting information systems are exposed, and therefore government units must follow an integrated approach to information security management based on evaluating the technology used, evaluating the behavior of individuals, and paying attention to organizational aspects where it is easy to predict risks and frustrate them. Any attempt to make it, and information security governance is one of the most approaches that work to achieve these goals.
5- Information security governance works to provide a framework for oversight to ensure that the risks to which electronic accounting information systems are exposed in government units are reached to the permissible level, and it also works to ensure that the security strategies pursued by the unit are consistent with its strategic objectives.
6- Good application of information security governance achieves many benefits, and these benefits are not only represented in reducing risks or reducing the impact of wrong procedures, but can improve confidence and improve efficiency in security performance.
7- The standards used when applying information security governance are the ISO standards (ISO / IEC 27K), the COBIT 5 standard and the ITIL standard. The application of these standards in the form of an integrated framework leads to achieving the desired goals of implementing information security governance within the government unit.
The researcher prepared afield study through answer list to test the Validity of hypothesis:
1- The first hypothesis: The weakness of information security leads to an increase in the risks to which electronic accounting information systems are exposed in government units.
2- The Second hypothesis: Information security governance contributes to reducing the risks of electronic accounting information systems in government units.
The researcher Recommended through his theoretical and field study to the following:
1- Mechanization of the accounting system in line with the application of e-government, the establishment of a correct infrastructure, and the increase in the number of computers in an appropriate manner for data entry processes and the extraction of financial reports.
2- Training the employees of the state’s administrative apparatus in all areas of computers, networks and electronic applications necessary to implement the e-government and intensifying its annual contract.
3- Enact laws, legislation, and internal regulations to organize the work and the tasks and responsibilities of each individual, as well as security laws and legislation, documents and information.
4- Providing a governmental communication network and designing the necessary networks that allow the exchange of information and link the various ministries entrusted with carrying out work within the crucible of the state’s administrative apparatus
5- Increasing the interest of supervisory and supervisory authorities such as the Financial Supervisory Authority on Information Technology to manage the risks of technological development by raising the awareness of workers in government units to apply the rules, procedures and principles contained in the COBIT standard and ISO standards, in order to manage risks and protect information security effectively.
6- The researcher recommends taking advantage of the proposed framework to activate information security governance in government units to reduce the risks of electronic accounting information systems, which depends on the following axes:
Alignment between the general strategy of the governmental unit and the operating plans necessary to achieve the strategic goals and the strategic plan for information security.
Develop an operating plan for information security.
Develop a financial and financing plan for information security.
Establishing a general framework for the implementation of information security governance and control over it, taking into account what is provided by the control and supervision authorities and the legislation regulating the work of the government unit.
Forming committees specialized in directing information security and developing its own strategy, and the level of these committees must be from members of the Board of Directors.
Establishing deterrent penalties regarding hacking and electronic manipulation that take place within the government unit, as well as the risks of hacking from outside it
Issuing an accounting standard that regulates the work of the government accounting system in light of technological development.
|
